2.6

CVE-2005-3089

Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version1.0
MozillaFirefox Version1.0.1
MozillaFirefox Version1.0.2
MozillaFirefox Version1.0.3
MozillaFirefox Version1.0.4
MozillaFirefox Version1.0.5
MozillaFirefox Version1.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.68% 0.74
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/16977
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
http://securitytracker.com/id?1014949
Patch
http://www.mozilla.org/products/firefox/releases/1.0.7.html
Patch
http://www.osvdb.org/19615
http://www.securityfocus.com/bid/14924
Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=302100
https://exchange.xforce.ibmcloud.com/vulnerabilities/22371
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9280