5.1
CVE-2005-1477
- EPSS 15.24%
- Veröffentlicht 09.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:13:07
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 15.24% | 0.963 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://www.securityfocus.com/bid/15495
http://greyhatsecurity.org/firefox.htm
http://greyhatsecurity.org/vulntests/ffrc.htm
http://marc.info/?l=full-disclosure&m=111553138007647&w=2
http://marc.info/?l=full-disclosure&m=111556301530553&w=2
http://secunia.com/advisories/15292
http://securitytracker.com/id?1013913
http://www.mozilla.org/security/announce/mfsa2005-42.html
http://www.redhat.com/support/errata/RHSA-2005-434.html
http://www.redhat.com/support/errata/RHSA-2005-435.html
http://www.securityfocus.com/bid/13544
http://www.vupen.com/english/advisories/2005/0493
https://bugzilla.mozilla.org/show_bug.cgi?id=292691
https://bugzilla.mozilla.org/show_bug.cgi?id=293302
https://exchange.xforce.ibmcloud.com/vulnerabilities/20443
http://www.kb.cert.org/vuls/id/648758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9231