5
CVE-2005-0588
- EPSS 1.57%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:11:24
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.57% | 0.721 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
http://www.redhat.com/support/errata/RHSA-2005-176.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
http://www.securityfocus.com/bid/12659
http://www.mozilla.org/security/announce/mfsa2005-20.html
https://bugzilla.mozilla.org/show_bug.cgi?id=271209
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100038
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10682