Vulnerability Name: CVE-2005-1157 (CCN-20125) Assigned: 2005-04-15 Published: 2005-04-15 Updated: 2017-10-11 Summary: Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2." CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: SCO Type: UNKNOWNSCOSA-2005.49 Source: MITRE Type: CNACVE-2005-1156 Source: MITRE Type: CNACVE-2005-1157 Source: CCN Type: RHSA-2005-383firefox security update Source: CCN Type: RHSA-2005-384Mozilla security update Source: CCN Type: RHSA-2005-386Mozilla security update Source: CCN Type: SA14938Mozilla Firefox Multiple Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory14938 Source: CCN Type: SA14992Mozilla Multiple Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory14992 Source: CCN Type: SA14996Netscape Two Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory14996 Source: CCN Type: SECTRACK ID: 1013745Firefox Search Plug-in Lets Remote Users Execute Scripting Code in Active Tabs Source: CCN Type: CIAC INFORMATION BULLETIN P-190Firefox Security Bugs Source: CCN Type: CIAC INFORMATION BULLETIN P-193Mozilla Security Bugs Source: CCN Type: GLSA-200504-18Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities Source: MISC Type: Exploithttp://www.mikx.de/firesearching/ Source: CCN Type: Mozilla Firefox Download Web pageFirefox - Rediscover the web Source: CCN Type: Mozilla Suite Download Web pageMozilla Suite Source: CCN Type: MFSA 2005-38Search plugin cross-site scripting Source: CONFIRM Type: Vendor Advisoryhttp://www.mozilla.org/security/announce/mfsa2005-38.html Source: REDHAT Type: Patch, Vendor AdvisoryRHSA-2005:383 Source: REDHAT Type: UNKNOWNRHSA-2005:384 Source: REDHAT Type: Patch, Vendor AdvisoryRHSA-2005:386 Source: BID Type: Exploit, Patch13211 Source: CCN Type: BID-13211Mozilla Suite And Firefox Search Plug-In Remote Script Code Execution Vulnerability Source: BID Type: UNKNOWN15495 Source: CCN Type: BID-15495SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed Source: CCN Type: USN-124-1Mozilla and Firefox vulnerabilities Source: CCN Type: USN-124-2Fixed packages for USN-124-1 Source: CCN Type: USN-149-3Ubuntu 4.10 update for Firefox vulnerabilities Source: CONFIRM Type: Patchhttps://bugzilla.mozilla.org/show_bug.cgi?id=290037 Source: XF Type: UNKNOWNmozilla-plugin-xss(20125) Source: XF Type: UNKNOWNmozilla-plugin-xss(20125) Source: OVAL Type: UNKNOWNoval:org.mitre.oval:def:9961 Source: SUSE Type: SUSE-SA:2005:028Mozilla Firefox: various security problems Vulnerable Configuration: Configuration 1 :cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:* OR cpe:/a:netscape:navigator:7.2:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:mozilla:mozilla:1.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:* OR cpe:/a:netscape:navigator:7.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:* AND cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:* Denotes that component is vulnerable Oval Definitions BACK
mozilla firefox 0.8
mozilla firefox 0.9
mozilla firefox 0.9 rc
mozilla firefox 0.9.1
mozilla firefox 0.9.2
mozilla firefox 0.9.3
mozilla firefox 0.10
mozilla firefox 0.10.1
mozilla firefox 1.0
mozilla firefox 1.0.1
mozilla firefox 1.0.2
mozilla mozilla 1.3
mozilla mozilla 1.4
mozilla mozilla 1.4 alpha
mozilla mozilla 1.4.1
mozilla mozilla 1.5
mozilla mozilla 1.5 alpha
mozilla mozilla 1.5 rc1
mozilla mozilla 1.5 rc2
mozilla mozilla 1.5.1
mozilla mozilla 1.6
mozilla mozilla 1.6 alpha
mozilla mozilla 1.6 beta
mozilla mozilla 1.7
mozilla mozilla 1.7 alpha
mozilla mozilla 1.7 beta
mozilla mozilla 1.7 rc1
mozilla mozilla 1.7 rc2
mozilla mozilla 1.7 rc3
mozilla mozilla 1.7.1
mozilla mozilla 1.7.2
mozilla mozilla 1.7.3
mozilla mozilla 1.7.5
mozilla mozilla 1.7.6
netscape navigator 7.2
mozilla mozilla 1.3
mozilla mozilla 1.4
mozilla mozilla 1.6
mozilla mozilla 1.7 rc3
mozilla firefox 0.8
mozilla firefox 0.9 rc
mozilla mozilla 1.7
mozilla mozilla 1.7.1
mozilla firefox 0.9.2
mozilla firefox 0.9.1
mozilla firefox 0.9.3
netscape navigator 7.2
mozilla mozilla 1.7.2
mozilla mozilla 1.7.3
mozilla firefox 0.10.1
mozilla firefox 1.0
mozilla mozilla 1.7.5
mozilla firefox 1.0.1
mozilla firefox 1.0.2
mozilla mozilla 1.7.6
mozilla firefox 0.10
mozilla firefox 0.9
mozilla mozilla 1.4.1
mozilla mozilla 1.4 alpha
mozilla mozilla 1.5
mozilla mozilla 1.5.1
mozilla mozilla 1.5 alpha
mozilla mozilla 1.5 rc1
mozilla mozilla 1.5 rc2
mozilla mozilla 1.6 alpha
mozilla mozilla 1.6 beta
mozilla mozilla 1.7.4
mozilla mozilla 1.7 alpha
mozilla mozilla 1.7 beta
mozilla mozilla 1.7 rc1
mozilla mozilla 1.7 rc2
gentoo linux *
suse linux enterprise server 8
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
suse suse linux 8.2
suse suse linux 9.0
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
suse suse linux 9.1
redhat enterprise linux 3
suse suse linux 9.2
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
novell linux desktop 9
redhat enterprise linux 4
redhat enterprise linux 4
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux corporate server 3.0
suse suse linux 9.3