CVE Vulnerabilities

CVE-2005-1477

Published: May 09, 2005 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.1 MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

The install function in Firefox 1.0.3 allows remote web sites on the browsers whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla 1.0.3 (including) 1.0.3 (including)
Red Hat Enterprise Linux 4 RedHat firefox-0:1.0.4-1.4.1 *
Red Hat Enterprise Linux 4 RedHat devhelp-0:0.9.2-2.4.5 *
Firefox Ubuntu dapper *
Firefox Ubuntu devel *
Firefox Ubuntu edgy *
Firefox Ubuntu feisty *
Firefox-granparadiso Ubuntu devel *
Lightning-sunbird Ubuntu devel *
Midbrowser Ubuntu devel *

References