CVE-2005-1476

Exploit

EPSS 49.76%
Published 09.05.2005 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.

Affected products Warnungen 0 Metrics 2 CWE 0 References 22

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 1.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	49.76%	0.977

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

http://www.securityfocus.com/bid/15495

http://greyhatsecurity.org/firefox.htm

http://greyhatsecurity.org/vulntests/ffrc.htm

Exploit

http://marc.info/?l=full-disclosure&m=111553138007647&w=2

http://marc.info/?l=full-disclosure&m=111556301530553&w=2

http://secunia.com/advisories/15292

Patch

Vendor Advisory

http://securitytracker.com/id?1013913

http://www.kb.cert.org/vuls/id/534710

US Government Resource

http://www.mozilla.org/security/announce/mfsa2005-42.html

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-434.html

http://www.redhat.com/support/errata/RHSA-2005-435.html

http://www.securityfocus.com/bid/13544

http://www.vupen.com/english/advisories/2005/0493

https://bugzilla.mozilla.org/show_bug.cgi?id=292691

https://bugzilla.mozilla.org/show_bug.cgi?id=293302

https://exchange.xforce.ibmcloud.com/vulnerabilities/20443

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100002

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10045

https://nvd.nist.gov/vuln/detail/CVE-2005-1476

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-1476

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-1476

EUVD