Lucene search

[email protected]NVD:CVE-2005-2263

HistoryJul 13, 2005 - 4:00 a.m.

CVE-2005-2263

2005-07-1304:00:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.025

Percentile

90.1%

JSON

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.

Affected configurations

NVD

Node

mozillafirefoxMatch0.8

mozillafirefoxMatch0.9

mozillafirefoxMatch0.9rc

mozillafirefoxMatch0.9.1

mozillafirefoxMatch0.9.2

mozillafirefoxMatch0.9.3

mozillafirefoxMatch0.10

mozillafirefoxMatch0.10.1

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillamozillaMatch1.3

mozillamozillaMatch1.4

mozillamozillaMatch1.4alpha

mozillamozillaMatch1.4.1

mozillamozillaMatch1.5

mozillamozillaMatch1.5alpha

mozillamozillaMatch1.5rc1

mozillamozillaMatch1.5rc2

mozillamozillaMatch1.5.1

mozillamozillaMatch1.6

mozillamozillaMatch1.6alpha

mozillamozillaMatch1.6beta

mozillamozillaMatch1.7

mozillamozillaMatch1.7alpha

mozillamozillaMatch1.7beta

mozillamozillaMatch1.7rc1

mozillamozillaMatch1.7rc2

mozillamozillaMatch1.7rc3

mozillamozillaMatch1.7.1

mozillamozillaMatch1.7.2

mozillamozillaMatch1.7.3

mozillamozillaMatch1.7.5

mozillamozillaMatch1.7.6

mozillamozillaMatch1.7.7

mozillamozillaMatch1.7.8

References

secunia.com/advisories/16043

secunia.com/advisories/16059

www.ciac.org/ciac/bulletins/p-252.shtml

www.debian.org/security/2005/dsa-810

www.mozilla.org/security/announce/mfsa2005-48.html

www.novell.com/linux/security/advisories/2005_18_sr.html

www.novell.com/linux/security/advisories/2005_45_mozilla.html

www.redhat.com/support/errata/RHSA-2005-586.html

www.redhat.com/support/errata/RHSA-2005-587.html

www.securityfocus.com/bid/14242

www.vupen.com/english/advisories/2005/1075

bugzilla.mozilla.org/show_bug.cgi?id=293331

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100010

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100016

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11629

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1281

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1311

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.025

Percentile

90.1%

JSON

Related for NVD:CVE-2005-2263

ubuntucve1 cvelist1 cve1 osv3 debian6 openvas12 nessus18 centos3 ubuntu3 freebsd1 redhat2 suse1