Vulnerabilities > CVE-2005-2602 - Unspecified vulnerability in Mozilla Firefox and Thunderbird

047910
CVSS 2.6 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
high complexity
mozilla
nessus

Summary

Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.

Vulnerable Configurations

Part Description Count
Application
Mozilla
2

Nessus

  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_106.NASL
    descriptionThe remote host is using Firefox, an alternative web browser. The installed version of Firefox contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host.
    last seen2020-06-01
    modified2020-06-02
    plugin id19719
    published2005-09-17
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19719
    titleFirefox < 1.0.7 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    
    include("compat.inc");
    
    if (description) {
      script_id(19719);
      script_version("1.31");
    
      script_cve_id(
        "CVE-2005-2602", 
        "CVE-2005-2701", 
        "CVE-2005-2702", 
        "CVE-2005-2703", 
        "CVE-2005-2704",
        "CVE-2005-2705", 
        "CVE-2005-2706", 
        "CVE-2005-2707", 
        "CVE-2005-2871", 
        "CVE-2005-3089"
      );
      script_bugtraq_id(
        14526, 
        14784, 
        14916, 
        14917, 
        14918, 
        14919, 
        14920, 
        14921, 
        14923, 
        14924
      );
    
      script_name(english:"Firefox < 1.0.7 Multiple Vulnerabilities");
    
     script_set_attribute(attribute:"synopsis", value:
    "A web browser on the remote host is prone to multiple flaws, including
    arbitrary code execution." );
     script_set_attribute(attribute:"description", value:
    "The remote host is using Firefox, an alternative web browser. 
    
    The installed version of Firefox contains various security issues,
    several of which are critical as they can be easily exploited to
    execute arbitrary shell code on the remote host." );
     script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/407704");
     script_set_attribute(attribute:"see_also", value:"http://security-protocols.com/advisory/sp-x17-advisory.txt");
     # http://web.archive.org/web/20100329062735/http://www.mozilla.org/security/idn.html
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11c09cbe");
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-58/");
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 1.0.7 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_cwe_id(94);
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/09/17");
     script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/09");
     script_set_attribute(attribute:"patch_publication_date", value: "2005/09/09");
     script_cvs_date("Date: 2018/11/15 20:50:27");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
    script_end_attributes();
    
      script_summary(english:"Determines the version of Firefox");
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
      script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'1.0.7', severity:SECURITY_HOLE);
  • NASL familyWindows
    NASL idNETSCAPE_BROWSER_8033.NASL
    descriptionThe remote host is using Netscape Browser / Netscape Navigator, an alternative web browser. The version of Netscape Browser / Netscape Navigator installed on the remote host is prone to multiple flaws, including one that may allow an attacker to execute arbitrary code on the affected system.
    last seen2020-06-01
    modified2020-06-02
    plugin id19696
    published2005-09-14
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19696
    titleNetscape Browser < 8.0.4 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description) {
      script_id(19696);
      script_version("1.25");
    
      script_cve_id("CVE-2005-2602", "CVE-2005-3089");
      script_bugtraq_id(14526, 14924);
    
      script_name(english:"Netscape Browser < 8.0.4 Multiple Vulnerabilities");
     
     script_set_attribute(attribute:"synopsis", value:
    "A web browser on the remote host is prone to multiple flaws, including
    arbitrary code execution." );
     script_set_attribute(attribute:"description", value:
    "The remote host is using Netscape Browser / Netscape Navigator, an
    alternative web browser. 
    
    The version of Netscape Browser / Netscape Navigator installed on the
    remote host is prone to multiple flaws, including one that may allow
    an attacker to execute arbitrary code on the affected system." );
     script_set_attribute(attribute:"see_also", value:"http://security-protocols.com/advisory/sp-x17-advisory.txt" );
     script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/advisories/16944/" );
     script_set_attribute(attribute:"solution", value:
    "The Netscape Browser/Navigator has been discontinued.  While these
    issues were reportedly fixed in 8.0.4, it is strongly recommended that
    you consider upgrading to the latest version of a Mozilla Browser." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/09/14");
     script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/09");
     script_cvs_date("Date: 2018/11/15 20:50:27");
     script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe",value:"cpe:/a:netscape:navigator"); 
    script_end_attributes();
    
      script_summary(english:"Checks for Netscape Browser <= 8.0.3.3");
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
      script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
      script_dependencies("netscape_browser_detect.nasl");
      script_require_keys("SMB/Netscape/installed");
      exit(0);
    }
    
    #
    
    include("global_settings.inc");
    
    
    list = get_kb_list("SMB/Netscape/*");
    if (isnull(list)) exit(0);
    
    foreach key (keys(list))
    {
      ver = key - "SMB/Netscape/";
      if (
        ver && 
        (
          ver =~ "^8\.0\.[0-3]([^0-9]|$)" ||
          (report_paranoia > 1 && ver =~ "^[0-7]\.")
        )
      )
      {
        security_hole(get_kb_item("SMB/transport"));
        exit(0);
      }
    }
    
  • NASL familyWindows
    NASL idMOZILLA_1711.NASL
    descriptionThe installed version of Mozilla contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host.
    last seen2020-06-01
    modified2020-06-02
    plugin id19718
    published2005-09-17
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19718
    titleMozilla Browser < 1.7.12 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(19718);
      script_version("1.24");
      script_cvs_date("Date: 2018/07/16 14:09:14");
    
      script_cve_id(
        "CVE-2005-2602", 
        "CVE-2005-2701", 
        "CVE-2005-2702", 
        "CVE-2005-2703",
        "CVE-2005-2704", 
        "CVE-2005-2705", 
        "CVE-2005-2706", 
        "CVE-2005-2707"
     );
      script_bugtraq_id(
        14526, 
        14916, 
        14917, 
        14918, 
        14919, 
        14920, 
        14921, 
        14923
     );
    
      script_name(english:"Mozilla Browser < 1.7.12 Multiple Vulnerabilities");
      script_summary(english:"Checks for Mozilla browser < 1.7.12");
     
      script_set_attribute(attribute:"synopsis", value:
    "A web browser on the remote host is affected by multiple
    vulnerabilities, including arbitrary code execution." );
      script_set_attribute(attribute:"description", value:
    "The installed version of Mozilla contains various security issues,
    several of which are critical as they can be easily exploited to
    execute arbitrary shell code on the remote host." );
      script_set_attribute(attribute:"see_also", value:"http://security-protocols.com/advisory/sp-x17-advisory.txt");
      # http://web.archive.org/web/20100329062735/http://www.mozilla.org/security/idn.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11c09cbe");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-58/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Mozilla 1.7.12 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_cwe_id(94);
    
      script_set_attribute(attribute:"plugin_publication_date", value: "2005/09/17");
      script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/09");
      script_set_attribute(attribute:"patch_publication_date", value: "2005/09/22");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:mozilla_suite");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
      script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Version");
      exit(0);
    }
    
    #
    
    include("misc_func.inc");
    
    
    ver = read_version_in_kb("Mozilla/Version");
    if (isnull(ver)) exit(0);
    
    if (
      ver[0] < 1 ||
      (
        ver[0] == 1 &&
        (
          ver[1] < 7 ||
          (ver[1] == 7 && ver[2] < 12)
        )
      )
    ) security_hole(get_kb_item("SMB/transport"));