CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.0%
The install function in Firefox 1.0.3 allows remote web sites on the
browser’s whitelist, such as update.mozilla.org or addon.mozilla.org, to
execute arbitrary Javascript with chrome privileges, leading to arbitrary
code execution on the system when combined with vulnerabilities such as
CVE-2005-1476, as demonstrated using a javascript: URL as the package icon
and a cross-site scripting (XSS) attack on a vulnerable whitelist site.