5.1

CVE-2005-1477

Exploit

EPSS 41.65%
Published 09.05.2005 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.

Affected products Warnungen 0 Metrics 2 CWE 0 References 22

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version1.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	41.65%	0.973

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

http://www.securityfocus.com/bid/15495

http://greyhatsecurity.org/firefox.htm

Exploit

http://greyhatsecurity.org/vulntests/ffrc.htm

Exploit

http://marc.info/?l=full-disclosure&m=111553138007647&w=2

http://marc.info/?l=full-disclosure&m=111556301530553&w=2

http://secunia.com/advisories/15292

Patch

http://securitytracker.com/id?1013913

http://www.mozilla.org/security/announce/mfsa2005-42.html

http://www.redhat.com/support/errata/RHSA-2005-434.html

http://www.redhat.com/support/errata/RHSA-2005-435.html

http://www.securityfocus.com/bid/13544

http://www.vupen.com/english/advisories/2005/0493

https://bugzilla.mozilla.org/show_bug.cgi?id=292691

https://bugzilla.mozilla.org/show_bug.cgi?id=293302

https://exchange.xforce.ibmcloud.com/vulnerabilities/20443

http://www.kb.cert.org/vuls/id/648758

US Government Resource

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100001

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9231

https://nvd.nist.gov/vuln/detail/CVE-2005-1477

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-1477

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-1477

EUVD