CVE-2005-1477 - Remote Arbitrary Code Execution vulnerability in Mozilla Firefox 1.0.3
Attack vector | Attack complexity | Privileges required | Confidentiality impact | Integrity impact | Availability impact |
---|---|---|---|---|---|
NETWORK | HIGH | NONE | PARTIAL | PARTIAL | PARTIAL |

Summary
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
Field | Value |
---|---|
NASL family | Windows |
NASL id | MOZILLA_FIREFOX_104.NASL |
description | The installed version of Firefox is earlier than 1.0.4. Such versions have multiple vulnerabilities that may allow arbitrary code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18243 |
published | 2005-05-12 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18243 |
title | Firefox < 1.0.4 Multiple Vulnerabilities |

code

```nasl
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if(description)
{
  script_id(18243);
  script_version("1.28");

  script_cve_id(
    "CVE-2005-1476",
    "CVE-2005-1477",
    "CVE-2005-1531",
    "CVE-2005-1532"
  );
  script_bugtraq_id(13544, 13641, 13645);

  script_name(english:"Firefox < 1.0.4 Multiple Vulnerabilities");
  script_summary(english:"Determines the version of Firefox");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Windows host contains a web browser that is affected by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value: "The installed version of Firefox is earlier than 1.0.4. Such versions have multiple vulnerabilities that may allow arbitrary code execution."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-42/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-43/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-44/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Firefox 1.0.4 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value: "2005/05/12");
  script_set_attribute(attribute:"vuln_publication_date", value: "2005/05/07");
  script_set_attribute(attribute:"patch_publication_date", value: "2005/05/11");
  script_cvs_date("Date: 2018/07/16 14:09:14");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"Windows");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");
  exit(0);
}

#

include("mozilla_version.inc");

port = get_kb_item_or_exit("SMB/transport");

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'1.0.4', severity:SECURITY_HOLE);
```
Field | Value |
---|---|
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2005-435.NASL |
description | Updated mozilla packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 24 May 2005] This erratum now includes updated devhelp packages which are required to satisfy a dependency on systems that have devhelp packages installed. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found in the way Mozilla executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18388 |
published | 2005-05-28 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/18388 |
title | RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:435) |

code

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:435. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(18388);
  script_version ("1.29");
  script_cvs_date("Date: 2019/10/25 13:36:11");

  script_cve_id("CVE-2005-1476", "CVE-2005-1477", "CVE-2005-1531", "CVE-2005-1532");
  script_xref(name:"RHSA", value:"2005:435");

  script_name(english:"RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:435)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Updated mozilla packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 24 May 2005] This erratum now includes updated devhelp packages which are required to satisfy a dependency on systems that have devhelp packages installed. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found in the way Mozilla executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1476"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1531"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1532"
  );
  # http://www.mozilla.org/projects/security/known-vulnerabilities.html#
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:435"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:devhelp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:devhelp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:galeon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-chat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/05/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2005:435";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"galeon-1.2.14-1.2.5")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-chat-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-devel-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-dom-inspector-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-js-debugger-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-mail-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-devel-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-devel-1.7.8-1.1.2.1")) flag++;

  if (rpm_check(release:"RHEL3", reference:"mozilla-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-chat-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-devel-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-dom-inspector-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-js-debugger-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-mail-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-devel-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-nss-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-nss-devel-1.7.8-1.1.3.1")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i386", reference:"devhelp-0.9.2-2.4.5")) flag++;
  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"devhelp-0.9.2-2.4.5")) flag++;
  if (rpm_check(release:"RHEL4", cpu:"i386", reference:"devhelp-devel-0.9.2-2.4.5")) flag++;
  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"devhelp-devel-0.9.2-2.4.5")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-chat-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-devel-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-dom-inspector-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-js-debugger-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-mail-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-nspr-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-nspr-devel-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-nss-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-nss-devel-1.7.8-1.4.1")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-devel / galeon / mozilla / mozilla-chat / etc");
  }
}
```
Field | Value |
---|---|
NASL family | Windows |
NASL id | MOZILLA_178.NASL |
description | The remote version of Mozilla contains various security issues that may allow an attacker to execute arbitrary code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18244 |
published | 2005-05-12 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18244 |
title | Mozilla Browser < 1.7.8 Multiple Vulnerabilities |

code

```nasl
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if(description)
{
  script_id(18244);
  script_version("1.28");

  script_cve_id(
    "CVE-2005-1476",
    "CVE-2005-1477",
    "CVE-2005-1531",
    "CVE-2005-1532"
  );
  script_bugtraq_id(13544, 13641, 13645);

  script_name(english:"Mozilla Browser < 1.7.8 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
    "A web browser installed on the remote host contains multiple vulnerabilities."
  );
  script_set_attribute(attribute:"description", value:
    "The remote version of Mozilla contains various security issues that may allow an attacker to execute arbitrary code on the remote host."
  );
  script_set_attribute(attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-43/"
  );
  script_set_attribute(attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-44/"
  );
  script_set_attribute(attribute:"solution", value:
    "Upgrade to Mozilla 1.7.8 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value: "2005/05/12");
  script_set_attribute(attribute:"vuln_publication_date", value: "2005/05/07");
  script_set_attribute(attribute:"patch_publication_date", value: "2005/05/11");
  script_cvs_date("Date: 2018/07/16 14:09:14");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:mozilla");
  script_end_attributes();

  script_summary(english:"Determines the version of Mozilla");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"Windows");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Version");
  exit(0);
}

#

include("misc_func.inc");

ver = read_version_in_kb("Mozilla/Version");
if (isnull(ver)) exit(0);

if (
  ver[0] < 1 ||
  (
    ver[0] == 1 &&
    (
      ver[1] < 7 ||
      (ver[1] == 7 && ver[2] < 8)
    )
  )
) security_hole(get_kb_item("SMB/transport"));
```
Field | Value |
---|---|
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2005-434.NASL |
description | Updated firefox packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several bugs were found in the way Firefox executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Please note that the effects of CVE-2005-1477 are mitigated by the default setup, which allows only the Mozilla Update site to attempt installation of Firefox extensions. The Mozilla Update site has been modified to prevent this attack from working. If other URLs have been manually added to the whitelist, it may be possible to execute this attack. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.4 which is not vulnerable to these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18387 |
published | 2005-05-28 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/18387 |
title | RHEL 4 : firefox (RHSA-2005:434) |

code

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:434. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(18387);
  script_version ("1.28");
  script_cvs_date("Date: 2019/10/25 13:36:11");

  script_cve_id("CVE-2005-1476", "CVE-2005-1477", "CVE-2005-1531", "CVE-2005-1532");
  script_xref(name:"RHSA", value:"2005:434");

  script_name(english:"RHEL 4 : firefox (RHSA-2005:434)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Updated firefox packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several bugs were found in the way Firefox executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Please note that the effects of CVE-2005-1477 are mitigated by the default setup, which allows only the Mozilla Update site to attempt installation of Firefox extensions. The Mozilla Update site has been modified to prevent this attack from working. If other URLs have been manually added to the whitelist, it may be possible to execute this attack. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.4 which is not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1476"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1531"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1532"
  );
  # http://www.mozilla.org/projects/security/known-vulnerabilities.html#
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:434"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected firefox package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/05/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2005:434";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL4", reference:"firefox-1.0.4-1.4.1")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
  }
}
```
Field | Value |
---|---|
NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2005-435.NASL |
description | Updated mozilla packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 24 May 2005] This erratum now includes updated devhelp packages which are required to satisfy a dependency on systems that have devhelp packages installed. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found in the way Mozilla executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21827 |
published | 2006-07-03 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/21827 |
title | CentOS 3 / 4 : mozilla (CESA-2005:435) |

code

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:435 and
# CentOS Errata and Security Advisory 2005:435 respectively.
#

include("compat.inc");

if (description)
{
  script_id(21827);
  script_version("1.23");
  script_cvs_date("Date: 2019/10/25 13:36:02");

  script_cve_id("CVE-2005-1476", "CVE-2005-1477", "CVE-2005-1531", "CVE-2005-1532");
  script_xref(name:"RHSA", value:"2005:435");

  script_name(english:"CentOS 3 / 4 : mozilla (CESA-2005:435)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Updated mozilla packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 24 May 2005] This erratum now includes updated devhelp packages which are required to satisfy a dependency on systems that have devhelp packages installed. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found in the way Mozilla executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011738.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?355b36ce"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011739.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ad1530b3"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011743.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?408c0c61"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011744.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ff2a9392"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011750.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2fb16e5d"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011751.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?08b8ff13"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected mozilla packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-chat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-js-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-nspr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-nspr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-nss-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/05/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-3", reference:"mozilla-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-chat-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-devel-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-dom-inspector-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-js-debugger-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-mail-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-nspr-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-nspr-devel-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-nss-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-nss-devel-1.7.8-1.1.3.1.centos3")) flag++;

if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"devhelp-0.9.2-2.4.4.centos4")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"devhelp-0.9.2-2.4.4.centos4")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"devhelp-devel-0.9.2-2.4.4.centos4")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"devhelp-devel-0.9.2-2.4.4.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-chat-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-devel-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-dom-inspector-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-js-debugger-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-mail-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-nspr-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-nspr-devel-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-nss-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-nss-devel-1.7.8-1.4.1.centos4")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-devel / mozilla / mozilla-chat / mozilla-devel / etc");
}
```
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200505-11.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200505-11 (Mozilla Suite, Mozilla Firefox: Remote compromise) The Mozilla Suite and Firefox do not properly protect
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 18270
- published: 2005-05-17
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/18270
- title: GLSA-200505-11 : Mozilla Suite, Mozilla Firefox: Remote compromise
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200505-11.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(18270);
  script_version("1.19");
  script_cvs_date("Date: 2019/08/02 13:32:42");

  script_cve_id("CVE-2005-1476", "CVE-2005-1477");
  script_xref(name:"GLSA", value:"200505-11");

  script_name(english:"GLSA-200505-11 : Mozilla Suite, Mozilla Firefox: Remote compromise");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200505-11
(Mozilla Suite, Mozilla Firefox: Remote compromise)

The Mozilla Suite and Firefox do not properly protect 'IFRAME'
JavaScript URLs from being executed in context of another URL in the
history list (CAN-2005-1476). The Mozilla Suite and Firefox also fail
to verify the 'IconURL' parameter of the 'InstallTrigger.install()'
function (CAN-2005-1477). Michael Krax and Georgi Guninski discovered
that it is possible to bypass JavaScript-injection security checks by
wrapping the javascript: URL within the view-source: or jar:
pseudo-protocols (MFSA2005-43).

Impact :

A malicious remote attacker could use the 'IFRAME' issue to execute
arbitrary JavaScript code within the context of another website,
allowing to steal cookies or other sensitive data. By supplying a
javascript: URL as the 'IconURL' parameter of the
'InstallTrigger.Install()' function, a remote attacker could also
execute arbitrary JavaScript code. Combining both vulnerabilities with
a website which is allowed to install software or wrapping javascript:
URLs within the view-source: or jar: pseudo-protocols could possibly
lead to the execution of arbitrary code with user privileges.

Workaround :

Affected systems can be protected by disabling JavaScript. However, we
encourage Mozilla Suite or Mozilla Firefox users to upgrade to the
latest available version."
  );
  # http://www.mozilla.org/security/announce/mfsa2005-43.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-43/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200505-11"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Mozilla Firefox users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-1.0.4'
All Mozilla Firefox binary users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-1.0.4'
All Mozilla Suite users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-client/mozilla-1.7.8'
All Mozilla Suite binary users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-client/mozilla-bin-1.7.8'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox-bin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"www-client/mozilla-firefox-bin", unaffected:make_list("ge 1.0.4"), vulnerable:make_list("lt 1.0.4"))) flag++;
if (qpkg_check(package:"www-client/mozilla", unaffected:make_list("ge 1.7.8"), vulnerable:make_list("lt 1.7.8"))) flag++;
if (qpkg_check(package:"www-client/mozilla-bin", unaffected:make_list("ge 1.7.8"), vulnerable:make_list("lt 1.7.8"))) flag++;
if (qpkg_check(package:"www-client/mozilla-firefox", unaffected:make_list("ge 1.0.4"), vulnerable:make_list("lt 1.0.4"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Suite / Mozilla Firefox");
}
```
- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_ECA6195AC23311D9804C02061B08FC24.NASL
- description: A Mozilla Foundation Security Advisory reports : Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19155
- published: 2005-07-13
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/19155
- title: FreeBSD : mozilla -- code execution via javascript: IconURL vulnerability (eca6195a-c233-11d9-804c-02061b08fc24)

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2005-434.NASL
- description: Updated firefox packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several bugs were found in the way Firefox executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Please note that the effects of CVE-2005-1477 are mitigated by the default setup, which allows only the Mozilla Update site to attempt installation of Firefox extensions. The Mozilla Update site has been modified to prevent this attack from working. If other URLs have been manually added to the whitelist, it may be possible to execute this attack. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.4 which is not vulnerable to these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 21939
- published: 2006-07-05
- reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/21939
- title: CentOS 4 : firefox (CESA-2005:434)
Oval
- accepted: 2007-03-21T16:16:19.069-04:00
- class: vulnerability
- contributors:
  - name: Robert L. Hollis, organization: ThreatGuard, Inc.
  - name: Jonathan Baker, organization: The MITRE Corporation
  - name: Matthew Wojcik, organization: The MITRE Corporation
  - name: Anna Min, organization: BigFix, Inc
  - name: Daniel Tarnu, organization: GFI Software
- description: The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
- family: windows
- id: oval:org.mitre.oval:def:100001
- status: accepted
- submitted: 2005-08-16T04:00:00.000-04:00
- title: Install Function in Firefox and Mozilla Permits Arbitrary Code Execution
- version: 4

- accepted: 2013-04-29T04:18:31.566-04:00
- class: vulnerability
- contributors:
  - name: Aharon Chernin, organization: SCAP.com, LLC
  - name: Dragos Prisaca, organization: G2, Inc.
- definition_extensions:
  - comment: The operating system installed on the system is Red Hat Enterprise Linux 3, oval: oval:org.mitre.oval:def:11782
  - comment: CentOS Linux 3.x, oval: oval:org.mitre.oval:def:16651
  - comment: The operating system installed on the system is Red Hat Enterprise Linux 4, oval: oval:org.mitre.oval:def:11831
  - comment: CentOS Linux 4.x, oval: oval:org.mitre.oval:def:16636
  - comment: Oracle Linux 4.x, oval: oval:org.mitre.oval:def:15990
- description: The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
- family: unix
- id: oval:org.mitre.oval:def:9231
- status: accepted
- submitted: 2010-07-09T03:56:16-04:00
- title: The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
- version: 27
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
- http://greyhatsecurity.org/firefox.htm
- http://greyhatsecurity.org/vulntests/ffrc.htm
- http://marc.info/?l=full-disclosure&m=111553138007647&w=2
- http://marc.info/?l=full-disclosure&m=111556301530553&w=2
- http://secunia.com/advisories/15292
- http://securitytracker.com/id?1013913
- http://www.kb.cert.org/vuls/id/648758
- http://www.mozilla.org/security/announce/mfsa2005-42.html
- http://www.redhat.com/support/errata/RHSA-2005-434.html
- http://www.redhat.com/support/errata/RHSA-2005-435.html
- http://www.securityfocus.com/bid/13544
- http://www.securityfocus.com/bid/15495
- http://www.vupen.com/english/advisories/2005/0493
- https://bugzilla.mozilla.org/show_bug.cgi?id=292691
- https://bugzilla.mozilla.org/show_bug.cgi?id=293302
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20443
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100001
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9231