7.5

CVE-2005-2269

Exploit
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version0.8
MozillaFirefox Version0.9
MozillaFirefox Version0.9 Updaterc
MozillaFirefox Version0.9.1
MozillaFirefox Version0.9.2
MozillaFirefox Version0.9.3
MozillaFirefox Version0.10
MozillaFirefox Version0.10.1
MozillaFirefox Version1.0
MozillaFirefox Version1.0.1
MozillaFirefox Version1.0.2
MozillaFirefox Version1.0.3
MozillaFirefox Version1.0.4
MozillaMozilla Version1.3
MozillaMozilla Version1.4
MozillaMozilla Version1.4 Updatealpha
MozillaMozilla Version1.4.1
MozillaMozilla Version1.5
MozillaMozilla Version1.5 Updatealpha
MozillaMozilla Version1.5 Updaterc1
MozillaMozilla Version1.5 Updaterc2
MozillaMozilla Version1.5.1
MozillaMozilla Version1.6
MozillaMozilla Version1.6 Updatealpha
MozillaMozilla Version1.6 Updatebeta
MozillaMozilla Version1.7
MozillaMozilla Version1.7 Updatealpha
MozillaMozilla Version1.7 Updatebeta
MozillaMozilla Version1.7 Updaterc1
MozillaMozilla Version1.7 Updaterc2
MozillaMozilla Version1.7 Updaterc3
MozillaMozilla Version1.7.1
MozillaMozilla Version1.7.2
MozillaMozilla Version1.7.3
MozillaMozilla Version1.7.5
MozillaMozilla Version1.7.6
MozillaMozilla Version1.7.7
MozillaMozilla Version1.7.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.82% 0.922
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.debian.org/security/2005/dsa-810
http://secunia.com/advisories/19823
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.redhat.com/support/errata/RHSA-2005-601.html
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
http://www.redhat.com/support/errata/RHSA-2005-586.html
http://www.redhat.com/support/errata/RHSA-2005-587.html
http://www.securityfocus.com/bid/14242
http://www.vupen.com/english/advisories/2005/1075
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
http://secunia.com/advisories/16043
http://secunia.com/advisories/16044
http://secunia.com/advisories/16059
http://www.ciac.org/ciac/bulletins/p-252.shtml
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005
http://www.mozilla.org/security/announce/mfsa2005-55.html
Patch
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=298892
Vendor Advisory
Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777