CVE Reference: CVE-2005-1477

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-1477

Description: The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.

CVE Status: Candidate

References:
XF: http://xforce.iss.net/xforce/xfdb/20443
ST: 1013913
SCO
SAID: Secunia Advisory: SA15292
REDHAT: http://www.redhat.com/support/errata/RHSA-2005-435.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2005-434.html
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9231
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100001
MISC: http://greyhatsecurity.org/vulntests/ffrc.htm
MISC: http://greyhatsecurity.org/firefox.htm
FULLDISC: http://marc.theaimsgroup.com/?l=full-disclosure&m=111556301530553&w=2
FULLDISC: http://marc.theaimsgroup.com/?l=full-disclosure&m=111553138007647&w=2
CONFIRM: http://www.mozilla.org/security/announce/mfsa2005-42.html
CERT-VN: 648758
BID: 15495
BID: 13544