CVE-2005-2262 | Vulnerability Database | Aqua Security

Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the Set As Wallpaper (in Firefox) or Set as Background (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka Firewalling.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	1.0.3 (including)	1.0.3 (including)
Firefox	Mozilla	1.0.4 (including)	1.0.4 (including)
Red Hat Enterprise Linux 4	RedHat	firefox-0:1.0.6-1.4.1	*

References

http://secunia.com/advisories/16043
http://secunia.com/advisories/16044
http://www.ciac.org/ciac/bulletins/p-252.shtml
http://www.mikx.de/firewalling/
http://www.mozilla.org/security/announce/mfsa2005-47.html
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
http://www.redhat.com/support/errata/RHSA-2005-586.html
http://www.securiteam.com/securitynews/5ZP0E0UGAK.html
http://www.securityfocus.com/bid/14242
http://www.vupen.com/english/advisories/2005/1075
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11097
http://secunia.com/advisories/16043
http://secunia.com/advisories/16044
http://www.ciac.org/ciac/bulletins/p-252.shtml
http://www.mikx.de/firewalling/
http://www.mozilla.org/security/announce/mfsa2005-47.html
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
http://www.redhat.com/support/errata/RHSA-2005-586.html
http://www.securiteam.com/securitynews/5ZP0E0UGAK.html
http://www.securityfocus.com/bid/14242
http://www.vupen.com/english/advisories/2005/1075
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11097

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2262
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html