Vulnerabilities > CVE-2005-2705 - Unspecified vulnerability in Mozilla Firefox and Mozilla Suite

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
mozilla
nessus

Summary

Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-926.NASL
    descriptionAn updated firefox package that fixes several security bugs is now available for Fedora Core 4. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2701 to this issue. A bug was found in the way Firefox processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Firefox if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Firefox makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id19871
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19871
    titleFedora Core 4 : firefox-1.0.7-1.1.fc4 (2005-926)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-169.NASL
    descriptionA number of vulnerabilities have been discovered in Mozilla Firefox that have been corrected in version 1.0.7: A bug in the way Firefox processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CVE-2005-2701). A bug in the way Firefox handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CVE-2005-2702). A bug in the way Firefox makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim's machine; however, the default behaviour of the browser is to disallow this (CVE-2005-2703). A bug in the way Firefox implemented its XBL interface could be abused by a malicious web page to create an XBL binding in such a way as to allow arbitrary JavaScript execution with chrome permissions (CVE-2005-2704). An integer overflow in Firefox's JavaScript engine could be manipulated in certain conditions to allow a malicious web page to execute arbitrary code (CVE-2005-2705). A bug in the way Firefox displays about: pages could be used to execute JavaScript with chrome privileges (CVE-2005-2706). A bug in the way Firefox opens new windows could be used by a malicious web page to construct a new window without any user interface elements (such as address bar and status bar) that could be used to potentially mislead the user (CVE-2005-2707). A bug in the way Firefox proceesed URLs on the command line could be used to execute arbitary commands as the user running Firefox; this could be abused by clicking on a supplied link, such as from an instant messaging client (CVE-2005-2968). Tom Ferris reported that Firefox would crash when processing a domain name consisting solely of soft-hyphen characters due to a heap overflow when IDN processing results in an empty string after removing non- wrapping chracters, such as soft-hyphens. This could be exploited to run or or install malware on the user's computer (CVE-2005-2871). The updated packages have been patched to address these issues and all users are urged to upgrade immediately.
    last seen2017-10-29
    modified2012-09-07
    plugin id20425
    published2006-01-15
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=20425
    titleMDKSA-2005:169 : mozilla-firefox
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-932.NASL
    descriptionUpdated mozilla packages that fix several security bugs are now available for Fedora Core 3. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Mozilla. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2701 to this issue. A bug was found in the way Mozilla processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Mozilla, if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Mozilla makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id19877
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19877
    titleFedora Core 3 : mozilla-1.7.12-1.3.1 (2005-932)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_106.NASL
    descriptionThe remote host is using Firefox, an alternative web browser. The installed version of Firefox contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host.
    last seen2020-06-01
    modified2020-06-02
    plugin id19719
    published2005-09-17
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19719
    titleFirefox < 1.0.7 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-931.NASL
    descriptionAn updated firefox package that fixes several security bugs is now available for Fedora Core 3. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2701 to this issue. A bug was found in the way Firefox processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Firefox if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Firefox makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id19876
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19876
    titleFedora Core 3 : firefox-1.0.7-1.1.fc3 (2005-931)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-186-1.NASL
    descriptionPeter Zelezny discovered that URLs which are passed to Firefox or Mozilla on the command line are not correctly protected against interpretation by the shell. If Firefox or Mozilla is configured as the default handler for URLs (which is the default in Ubuntu), this could be exploited to execute arbitrary code with user privileges by tricking the user into clicking on a specially crafted URL (for example, in an email or chat client). (CAN-2005-2968, MFSA-2005-59) A buffer overflow was discovered in the XBM image handler. By tricking an user into opening a specially crafted XBM image, an attacker could exploit this to execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id20597
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20597
    titleUbuntu 4.10 / 5.04 : mozilla, mozilla-firefox vulnerabilities (USN-186-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-170.NASL
    descriptionA number of vulnerabilities have been discovered in Mozilla that have been corrected in version 1.7.12 : A bug in the way Mozilla processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CVE-2005-2701). A bug in the way Mozilla handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CVE-2005-2702). A bug in the way Mozilla makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id19923
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19923
    titleMandrake Linux Security Advisory : mozilla (MDKSA-2005:170)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-174.NASL
    descriptionUpdated Mozilla Thunderbird packages fix various vulnerabilities : The run-mozilla.sh script, with debugging enabled, would allow local users to create or overwrite arbitrary files via a symlink attack on temporary files (CVE-2005-2353). A bug in the way Thunderbird processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CVE-2005-2701). A bug in the way Thunderbird handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CVE-2005-2702). A bug in the way Thunderbird makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id20428
    published2006-01-15
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20428
    titleMandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:174)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-838.NASL
    descriptionMultiple security vulnerabilities have been identified in the mozilla-firefox web browser. These vulnerabilities could allow an attacker to execute code on the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id19807
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19807
    titleDebian DSA-838-1 : mozilla-firefox - multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-785.NASL
    descriptionAn updated firefox package that fixes several security bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2701 to this issue. A bug was found in the way Firefox processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Firefox if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Firefox makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id19835
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19835
    titleRHEL 4 : firefox (RHSA-2005:785)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-791.NASL
    descriptionAn updated thunderbird package that fixes various bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird processes certain international domain names. An attacker could create a specially crafted HTML mail, which when viewed by the victim would cause Thunderbird to crash or possibly execute arbitrary code. Thunderbird as shipped with Red Hat Enterprise Linux 4 must have international domain names enabled by the user in order to be vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. A bug was found in the way Thunderbird processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Thunderbird if the user views a specially crafted HTML mail containing Unicode sequences. (CVE-2005-2702) A bug was found in the way Thunderbird makes XMLHttp requests. It is possible that a malicious HTML mail could leverage this flaw to exploit other proxy or server flaws from the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id21964
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21964
    titleCentOS 4 : thunderbird (CESA-2005:791)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-785.NASL
    descriptionAn updated firefox package that fixes several security bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2701 to this issue. A bug was found in the way Firefox processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Firefox if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Firefox makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id21963
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21963
    titleCentOS 4 : firefox (CESA-2005:785)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200509-11.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200509-11 (Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities) The Mozilla Suite and Firefox are both vulnerable to the following issues: Tom Ferris reported a heap overflow in IDN-enabled browsers with malicious Host: headers (CAN-2005-2871).
    last seen2020-06-01
    modified2020-06-02
    plugin id19810
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19810
    titleGLSA-200509-11 : Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-963.NASL
    descriptionAn updated thunderbird package that fixes various bugs is now available for Fedora Core 4. This update has been rated as having important security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Thunderbird to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. A bug was found in the way Thunderbird processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Thunderbird if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Thunderbird makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id19884
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19884
    titleFedora Core 4 : thunderbird-1.0.7-1.1.fc4 (2005-963)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-200-1.NASL
    descriptionA buffer overflow was discovered in the XBM image handler. By tricking an user into opening a specially crafted XBM image, an attacker could exploit this to execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id20616
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20616
    titleUbuntu 4.10 / 5.04 : mozilla-thunderbird vulnerabilities (USN-200-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-791.NASL
    descriptionAn updated thunderbird package that fixes various bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird processes certain international domain names. An attacker could create a specially crafted HTML mail, which when viewed by the victim would cause Thunderbird to crash or possibly execute arbitrary code. Thunderbird as shipped with Red Hat Enterprise Linux 4 must have international domain names enabled by the user in order to be vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. A bug was found in the way Thunderbird processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Thunderbird if the user views a specially crafted HTML mail containing Unicode sequences. (CVE-2005-2702) A bug was found in the way Thunderbird makes XMLHttp requests. It is possible that a malicious HTML mail could leverage this flaw to exploit other proxy or server flaws from the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id19995
    published2005-10-11
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19995
    titleRHEL 4 : thunderbird (RHSA-2005:791)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-866.NASL
    descriptionSeveral security-related problems have been discovered in Mozilla and derived programs. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2871 Tom Ferris discovered a bug in the IDN hostname handling of Mozilla that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a hostname with dashes. - CAN-2005-2701 A buffer overflow allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. - CAN-2005-2702 Mats Palmgren discovered a buffer overflow in the Unicode string parser that allows a specially crafted Unicode sequence to overflow a buffer and cause arbitrary code to be executed. - CAN-2005-2703 Remote attackers could spoof HTTP headers of XML HTTP requests via XMLHttpRequest and possibly use the client to exploit vulnerabilities in servers or proxies. - CAN-2005-2704 Remote attackers could spoof DOM objects via an XBL control that implements an internal XPCOM interface. - CAN-2005-2705 Georgi Guninski discovered an integer overflow in the JavaScript engine that might allow remote attackers to execute arbitrary code. - CAN-2005-2706 Remote attackers could execute JavaScript code with chrome privileges via an about: page such as about:mozilla. - CAN-2005-2707 Remote attackers could spawn windows without user interface components such as the address and status bar that could be used to conduct spoofing or phishing attacks. - CAN-2005-2968 Peter Zelezny discovered that shell metacharacters are not properly escaped when they are passed to a shell script and allow the execution of arbitrary commands, e.g. when a malicious URL is automatically copied from another program into Mozilla as default browser.
    last seen2020-06-01
    modified2020-06-02
    plugin id20063
    published2005-10-20
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20063
    titleDebian DSA-866-1 : mozilla - several vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-868.NASL
    descriptionSeveral security-related problems have been discovered in Mozilla and derived programs. Some of the following problems don
    last seen2020-06-01
    modified2020-06-02
    plugin id20071
    published2005-10-24
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20071
    titleDebian DSA-868-1 : mozilla-thunderbird - several vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-789.NASL
    descriptionUpdated mozilla packages that fix several security bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Mozilla. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2701 to this issue. A bug was found in the way Mozilla processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Mozilla, if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Mozilla makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id19837
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19837
    titleRHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:789)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8F5DD74B2C6111DAA2630001020EED82.NASL
    descriptionA Mozilla Foundation Security Advisory reports of multiple issues : Heap overrun in XBM image processing jackerror reports that an improperly terminated XBM image ending with space characters instead of the expected end tag can lead to a heap buffer overrun. This appears to be exploitable to install or run malicious code on the user
    last seen2020-06-01
    modified2020-06-02
    plugin id21473
    published2006-05-13
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21473
    titleFreeBSD : firefox & mozilla -- multiple vulnerabilities (8f5dd74b-2c61-11da-a263-0001020eed82)
  • NASL familyWindows
    NASL idMOZILLA_1711.NASL
    descriptionThe installed version of Mozilla contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host.
    last seen2020-06-01
    modified2020-06-02
    plugin id19718
    published2005-09-17
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19718
    titleMozilla Browser < 1.7.12 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2005_058.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:058 (mozilla,MozillaFirefox). The web browsers Mozilla and Mozilla Firefox have been updated to contain fixes for the vulnerabilities fixed in: - Mozilla browser suite version 1.7.12 - Mozilla Firefox version 1.0.7 The security problems with their corresponding Mitre CVE ID are: - CVE-2005-2701: Heap overrun in XBM image processing - CVE-2005-2702: Crash on
    last seen2019-10-28
    modified2005-10-05
    plugin id19937
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19937
    titleSUSE-SA:2005:058: mozilla,MozillaFirefox
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-962.NASL
    descriptionAn updated thunderbird package that fixes various bugs is now available for Fedora Core 3. This update has been rated as having important security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Thunderbird to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. A bug was found in the way Thunderbird processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Thunderbird if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Thunderbird makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id19883
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19883
    titleFedora Core 3 : thunderbird-1.0.7-1.1.fc3 (2005-962)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-789.NASL
    descriptionUpdated mozilla packages that fix several security bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Mozilla. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2701 to this issue. A bug was found in the way Mozilla processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Mozilla, if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Mozilla makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id21859
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21859
    titleCentOS 3 / 4 : Mozilla (CESA-2005:789)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-927.NASL
    descriptionUpdated mozilla packages that fix several security bugs are now available for Fedora Core 4. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Mozilla. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2701 to this issue. A bug was found in the way Mozilla processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Mozilla, if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Mozilla makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id19872
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19872
    titleFedora Core 4 : mozilla-1.7.12-1.5.1 (2005-927)

Oval

  • accepted2013-04-29T04:05:02.873-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    descriptionInteger overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
    familyunix
    idoval:org.mitre.oval:def:10367
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleInteger overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
    version26
  • accepted2007-05-09T16:10:53.182-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    descriptionInteger overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
    familywindows
    idoval:org.mitre.oval:def:1307
    statusaccepted
    submitted2005-11-11T12:00:00.000-04:00
    titleFirefox/Mozilla Suite JavaScript Integer Overflow
    version4

Redhat

advisories
  • rhsa
    idRHSA-2005:785
  • rhsa
    idRHSA-2005:789
  • rhsa
    idRHSA-2005:791
rpms
  • firefox-0:1.0.7-1.4.1
  • firefox-debuginfo-0:1.0.7-1.4.1
  • devhelp-0:0.9.2-2.4.7
  • devhelp-debuginfo-0:0.9.2-2.4.7
  • devhelp-devel-0:0.9.2-2.4.7
  • thunderbird-0:1.0.7-1.4.1
  • thunderbird-debuginfo-0:1.0.7-1.4.1

References