Vulnerabilities > CVE-2005-2602 - Unspecified vulnerability in Mozilla Firefox and Thunderbird
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family Windows NASL id MOZILLA_FIREFOX_106.NASL description The remote host is using Firefox, an alternative web browser. The installed version of Firefox contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host. last seen 2020-06-01 modified 2020-06-02 plugin id 19719 published 2005-09-17 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19719 title Firefox < 1.0.7 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(19719); script_version("1.31"); script_cve_id( "CVE-2005-2602", "CVE-2005-2701", "CVE-2005-2702", "CVE-2005-2703", "CVE-2005-2704", "CVE-2005-2705", "CVE-2005-2706", "CVE-2005-2707", "CVE-2005-2871", "CVE-2005-3089" ); script_bugtraq_id( 14526, 14784, 14916, 14917, 14918, 14919, 14920, 14921, 14923, 14924 ); script_name(english:"Firefox < 1.0.7 Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "A web browser on the remote host is prone to multiple flaws, including arbitrary code execution." ); script_set_attribute(attribute:"description", value: "The remote host is using Firefox, an alternative web browser. The installed version of Firefox contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host." ); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/407704"); script_set_attribute(attribute:"see_also", value:"http://security-protocols.com/advisory/sp-x17-advisory.txt"); # http://web.archive.org/web/20100329062735/http://www.mozilla.org/security/idn.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11c09cbe"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-58/"); script_set_attribute(attribute:"solution", value: "Upgrade to Firefox 1.0.7 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(94); script_set_attribute(attribute:"plugin_publication_date", value: "2005/09/17"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/09"); script_set_attribute(attribute:"patch_publication_date", value: "2005/09/09"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_summary(english:"Determines the version of Firefox"); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox"); mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'1.0.7', severity:SECURITY_HOLE);
NASL family Windows NASL id NETSCAPE_BROWSER_8033.NASL description The remote host is using Netscape Browser / Netscape Navigator, an alternative web browser. The version of Netscape Browser / Netscape Navigator installed on the remote host is prone to multiple flaws, including one that may allow an attacker to execute arbitrary code on the affected system. last seen 2020-06-01 modified 2020-06-02 plugin id 19696 published 2005-09-14 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19696 title Netscape Browser < 8.0.4 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(19696); script_version("1.25"); script_cve_id("CVE-2005-2602", "CVE-2005-3089"); script_bugtraq_id(14526, 14924); script_name(english:"Netscape Browser < 8.0.4 Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "A web browser on the remote host is prone to multiple flaws, including arbitrary code execution." ); script_set_attribute(attribute:"description", value: "The remote host is using Netscape Browser / Netscape Navigator, an alternative web browser. The version of Netscape Browser / Netscape Navigator installed on the remote host is prone to multiple flaws, including one that may allow an attacker to execute arbitrary code on the affected system." ); script_set_attribute(attribute:"see_also", value:"http://security-protocols.com/advisory/sp-x17-advisory.txt" ); script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/advisories/16944/" ); script_set_attribute(attribute:"solution", value: "The Netscape Browser/Navigator has been discontinued. While these issues were reportedly fixed in 8.0.4, it is strongly recommended that you consider upgrading to the latest version of a Mozilla Browser." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2005/09/14"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/09"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe",value:"cpe:/a:netscape:navigator"); script_end_attributes(); script_summary(english:"Checks for Netscape Browser <= 8.0.3.3"); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_dependencies("netscape_browser_detect.nasl"); script_require_keys("SMB/Netscape/installed"); exit(0); } # include("global_settings.inc"); list = get_kb_list("SMB/Netscape/*"); if (isnull(list)) exit(0); foreach key (keys(list)) { ver = key - "SMB/Netscape/"; if ( ver && ( ver =~ "^8\.0\.[0-3]([^0-9]|$)" || (report_paranoia > 1 && ver =~ "^[0-7]\.") ) ) { security_hole(get_kb_item("SMB/transport")); exit(0); } }
NASL family Windows NASL id MOZILLA_1711.NASL description The installed version of Mozilla contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host. last seen 2020-06-01 modified 2020-06-02 plugin id 19718 published 2005-09-17 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19718 title Mozilla Browser < 1.7.12 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(19718); script_version("1.24"); script_cvs_date("Date: 2018/07/16 14:09:14"); script_cve_id( "CVE-2005-2602", "CVE-2005-2701", "CVE-2005-2702", "CVE-2005-2703", "CVE-2005-2704", "CVE-2005-2705", "CVE-2005-2706", "CVE-2005-2707" ); script_bugtraq_id( 14526, 14916, 14917, 14918, 14919, 14920, 14921, 14923 ); script_name(english:"Mozilla Browser < 1.7.12 Multiple Vulnerabilities"); script_summary(english:"Checks for Mozilla browser < 1.7.12"); script_set_attribute(attribute:"synopsis", value: "A web browser on the remote host is affected by multiple vulnerabilities, including arbitrary code execution." ); script_set_attribute(attribute:"description", value: "The installed version of Mozilla contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host." ); script_set_attribute(attribute:"see_also", value:"http://security-protocols.com/advisory/sp-x17-advisory.txt"); # http://web.archive.org/web/20100329062735/http://www.mozilla.org/security/idn.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11c09cbe"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-58/"); script_set_attribute(attribute:"solution", value: "Upgrade to Mozilla 1.7.12 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(94); script_set_attribute(attribute:"plugin_publication_date", value: "2005/09/17"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/09"); script_set_attribute(attribute:"patch_publication_date", value: "2005/09/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:mozilla_suite"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Version"); exit(0); } # include("misc_func.inc"); ver = read_version_in_kb("Mozilla/Version"); if (isnull(ver)) exit(0); if ( ver[0] < 1 || ( ver[0] == 1 && ( ver[1] < 7 || (ver[1] == 7 && ver[2] < 12) ) ) ) security_hole(get_kb_item("SMB/transport"));