Lucene search

[email protected]NVD:CVE-2005-1159

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-1159

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

High

EPSS

0.015

Percentile

86.8%

JSON

The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.

Affected configurations

Nvd

Node

mozillafirefoxMatch0.8

mozillafirefoxMatch0.9

mozillafirefoxMatch0.9rc

mozillafirefoxMatch0.9.1

mozillafirefoxMatch0.9.2

mozillafirefoxMatch0.9.3

mozillafirefoxMatch0.10

mozillafirefoxMatch0.10.1

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillamozillaMatch1.3

mozillamozillaMatch1.4

mozillamozillaMatch1.4alpha

mozillamozillaMatch1.4.1

mozillamozillaMatch1.5

mozillamozillaMatch1.5alpha

mozillamozillaMatch1.5rc1

mozillamozillaMatch1.5rc2

mozillamozillaMatch1.5.1

mozillamozillaMatch1.6

mozillamozillaMatch1.6alpha

mozillamozillaMatch1.6beta

mozillamozillaMatch1.7

mozillamozillaMatch1.7alpha

mozillamozillaMatch1.7beta

mozillamozillaMatch1.7rc1

mozillamozillaMatch1.7rc2

mozillamozillaMatch1.7rc3

mozillamozillaMatch1.7.1

mozillamozillaMatch1.7.2

mozillamozillaMatch1.7.3

mozillamozillaMatch1.7.5

mozillamozillaMatch1.7.6

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

secunia.com/advisories/14938

secunia.com/advisories/14992

secunia.com/advisories/19823

securitytracker.com/id?1013742

securitytracker.com/id?1013743

www.gentoo.org/security/en/glsa/glsa-200504-18.xml

www.mozilla.org/security/announce/mfsa2005-40.html

www.novell.com/linux/security/advisories/2006_04_25.html

www.redhat.com/support/errata/RHSA-2005-383.html

www.redhat.com/support/errata/RHSA-2005-384.html

www.redhat.com/support/errata/RHSA-2005-386.html

www.redhat.com/support/errata/RHSA-2005-601.html

www.securityfocus.com/bid/13232

www.securityfocus.com/bid/15495

bugzilla.mozilla.org/show_bug.cgi?id=290162

exchange.xforce.ibmcloud.com/vulnerabilities/20123

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100018

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10629

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

High

EPSS

0.015

Percentile

86.8%

JSON

Related for NVD:CVE-2005-1159

cvelist1 cve1 ubuntucve1 nessus20 gentoo1 openvas4 redhat4 centos5 ubuntu3 osv1 debian2 suse3