7.5

CVE-2005-1157

Exploit

EPSS 7.35%
Published 02.05.2005 04:00:00
Last modified 03.04.2025 01:03:51
Source secalert@redhat.com
Teams watchlist Login
Open Login

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version0.8

Mozilla ≫ Firefox Version0.9

Mozilla ≫ Firefox Version0.9 Updaterc

Mozilla ≫ Firefox Version0.9.1

Mozilla ≫ Firefox Version0.9.2

Mozilla ≫ Firefox Version0.9.3

Mozilla ≫ Firefox Version0.10

Mozilla ≫ Firefox Version0.10.1

Mozilla ≫ Firefox Version1.0

Mozilla ≫ Firefox Version1.0.1

Mozilla ≫ Firefox Version1.0.2

Mozilla ≫ Mozilla Version1.3

Mozilla ≫ Mozilla Version1.4

Mozilla ≫ Mozilla Version1.4 Updatealpha

Mozilla ≫ Mozilla Version1.4.1

Mozilla ≫ Mozilla Version1.5

Mozilla ≫ Mozilla Version1.5 Updatealpha

Mozilla ≫ Mozilla Version1.5 Updaterc1

Mozilla ≫ Mozilla Version1.5 Updaterc2

Mozilla ≫ Mozilla Version1.5.1

Mozilla ≫ Mozilla Version1.6

Mozilla ≫ Mozilla Version1.6 Updatealpha

Mozilla ≫ Mozilla Version1.6 Updatebeta

Mozilla ≫ Mozilla Version1.7

Mozilla ≫ Mozilla Version1.7 Updatealpha

Mozilla ≫ Mozilla Version1.7 Updatebeta

Mozilla ≫ Mozilla Version1.7 Updaterc1

Mozilla ≫ Mozilla Version1.7 Updaterc2

Mozilla ≫ Mozilla Version1.7 Updaterc3

Mozilla ≫ Mozilla Version1.7.1

Mozilla ≫ Mozilla Version1.7.2

Mozilla ≫ Mozilla Version1.7.3

Mozilla ≫ Mozilla Version1.7.5

Mozilla ≫ Mozilla Version1.7.6

Netscape ≫ Navigator Version7.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.35%	0.908

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

http://www.securityfocus.com/bid/15495

http://www.redhat.com/support/errata/RHSA-2005-384.html

http://secunia.com/advisories/14938

Patch

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-383.html

Patch

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-386.html

Patch

Vendor Advisory

http://secunia.com/advisories/14992

Patch

Vendor Advisory

http://secunia.com/advisories/14996

Patch

Vendor Advisory

http://www.mikx.de/firesearching/

Exploit

http://www.mozilla.org/security/announce/mfsa2005-38.html

Vendor Advisory

http://www.securityfocus.com/bid/13211

Patch

Exploit

https://bugzilla.mozilla.org/show_bug.cgi?id=290037

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/20125

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961

https://nvd.nist.gov/vuln/detail/CVE-2005-1157

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-1157

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-1157

EUVD