5.1

CVE-2005-1477

Exploit

EPSS 41.65%
Veröffentlicht 09.05.2005 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version1.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	41.65%	0.973

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

http://www.securityfocus.com/bid/15495

http://greyhatsecurity.org/firefox.htm

Exploit

http://greyhatsecurity.org/vulntests/ffrc.htm

Exploit

http://marc.info/?l=full-disclosure&m=111553138007647&w=2

http://marc.info/?l=full-disclosure&m=111556301530553&w=2

http://secunia.com/advisories/15292

Patch

http://securitytracker.com/id?1013913

http://www.mozilla.org/security/announce/mfsa2005-42.html

http://www.redhat.com/support/errata/RHSA-2005-434.html

http://www.redhat.com/support/errata/RHSA-2005-435.html

http://www.securityfocus.com/bid/13544

http://www.vupen.com/english/advisories/2005/0493

https://bugzilla.mozilla.org/show_bug.cgi?id=292691

https://bugzilla.mozilla.org/show_bug.cgi?id=293302

https://exchange.xforce.ibmcloud.com/vulnerabilities/20443

http://www.kb.cert.org/vuls/id/648758

US Government Resource

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100001

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9231

https://nvd.nist.gov/vuln/detail/CVE-2005-1477

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-1477

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-1477

EUVD