CVE-2005-1158 | Vulnerability Database | Aqua Security

Multiple missing security checks in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	0.8 (including)	0.8 (including)
Firefox	Mozilla	0.9 (including)	0.9 (including)
Firefox	Mozilla	0.9-rc (including)	0.9-rc (including)
Firefox	Mozilla	0.9.1 (including)	0.9.1 (including)
Firefox	Mozilla	0.9.2 (including)	0.9.2 (including)
Firefox	Mozilla	0.9.3 (including)	0.9.3 (including)
Firefox	Mozilla	0.10 (including)	0.10 (including)
Firefox	Mozilla	0.10.1 (including)	0.10.1 (including)
Firefox	Mozilla	1.0 (including)	1.0 (including)
Firefox	Mozilla	1.0.1 (including)	1.0.1 (including)
Firefox	Mozilla	1.0.2 (including)	1.0.2 (including)

References

http://secunia.com/advisories/14938
http://www.mozilla.org/security/announce/mfsa2005-39.html
http://www.redhat.com/support/errata/RHSA-2005-383.html
http://www.securityfocus.com/bid/13231
https://bugzilla.mozilla.org/show_bug.cgi?id=290079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100019
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11734

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-1158
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html