CVE-2005-2264 | Vulnerability Database | Aqua Security

Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	0.8 (including)	0.8 (including)
Firefox	Mozilla	0.9 (including)	0.9 (including)
Firefox	Mozilla	0.9-rc (including)	0.9-rc (including)
Firefox	Mozilla	0.9.1 (including)	0.9.1 (including)
Firefox	Mozilla	0.9.2 (including)	0.9.2 (including)
Firefox	Mozilla	0.9.3 (including)	0.9.3 (including)
Firefox	Mozilla	0.10 (including)	0.10 (including)
Firefox	Mozilla	0.10.1 (including)	0.10.1 (including)
Firefox	Mozilla	1.0 (including)	1.0 (including)
Firefox	Mozilla	1.0.1 (including)	1.0.1 (including)
Firefox	Mozilla	1.0.2 (including)	1.0.2 (including)
Firefox	Mozilla	1.0.3 (including)	1.0.3 (including)
Firefox	Mozilla	1.0.4 (including)	1.0.4 (including)
Red Hat Enterprise Linux 4	RedHat	firefox-0:1.0.6-1.4.1	*

References

http://secunia.com/advisories/16043
http://www.ciac.org/ciac/bulletins/p-252.shtml
http://www.mozilla.org/security/announce/mfsa2005-49.html
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
http://www.redhat.com/support/errata/RHSA-2005-586.html
http://www.securityfocus.com/bid/14242
http://www.vupen.com/english/advisories/2005/1075
https://bugzilla.mozilla.org/show_bug.cgi?id=294074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9887

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2264
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html