CVE-2005-0989

2005-05-0204:00:00

mitre

web.nvd.nist.gov

cve-2005-0989

javascript engine

remote code execution

security vulnerability

mozilla suite

firefox

netscape

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.924

Percentile

99.0%

JSON

The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.

Affected configurations

Nvd

Node

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillamozillaMatch1.7.6

netscapenavigatorMatch7.2

VendorProductVersionCPE
mozillafirefox1.0.1cpe:/a:mozilla:firefox:1.0.1:::
netscapenavigator7.2cpe:/a:netscape:navigator:7.2:::
mozillamozilla1.7.6cpe:/a:mozilla:mozilla:1.7.6:::
mozillafirefox1.0.2cpe:/a:mozilla:firefox:1.0.2:::

Vendor	Product	Version	CPE
mozilla	firefox	1.0.1	cpe:/a:mozilla:firefox:1.0.1:::
netscape	navigator	7.2	cpe:/a:netscape:navigator:7.2:::
mozilla	mozilla	1.7.6	cpe:/a:mozilla:mozilla:1.7.6:::
mozilla	firefox	1.0.2	cpe:/a:mozilla:firefox:1.0.2:::