Vulnerability Name: CVE-2005-1476 (CCN-20443)
Assigned: 2005-05-08
Published: 2005-05-08
Updated: 2017-10-11
Summary: Firefox 1.0.3 allows remote attackers to execute arbitrary JavaScript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
4.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
4.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: SCO Type: UNKNOWN SCOSA-2005.49
Source: MITRE Type: CNA CVE-2005-1476
Source: MITRE Type: CNA CVE-2005-1477
Source: MISC Type: UNKNOWN http://greyhatsecurity.org/firefox.htm
Source: MISC Type: Exploit http://greyhatsecurity.org/vulntests/ffrc.htm
Source: FULLDISC Type: UNKNOWN 20050508 Firefox Remote Compromise Leaked
Source: FULLDISC Type: UNKNOWN 20050508 Firefox Remote Compromise Technical Details
Source: CCN Type: RHSA-2005-434 firefox security update
Source: CCN Type: RHSA-2005-435 mozilla security update
Source: CCN Type: SA15292 Mozilla Firefox Two Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 15292
Source: CCN Type: SECTRACK ID: 1013913 Firefox onload() History Access Bug and Install Function Scripting Execution Flaw Lets Remote Users Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1013913
Source: CCN Type: CIAC INFORMATION BULLETIN P-206 Mozilla & Firefox Security Update
Source: CCN Type: GLSA-200505-11 Mozilla Suite, Mozilla Firefox: Remote compromise
Source: CCN Type: US-CERT VU#534710 Mozilla fails to properly prevent JavaScript: URIs containing eval() from being executed in the context of other URIs in the history list
Source: CERT-VN Type: US Government Resource VU#534710
Source: CCN Type: US-CERT VU#648758 Mozilla Firefox executes JavaScript in the IconURL parameter of InstallTrigger.install() with chrome privileges
Source: CCN Type: MFSA 2005-42 Code execution via javascript IconURL
Source: CONFIRM Type: Vendor Advisory http://www.mozilla.org/security/announce/mfsa2005-42.html
Source: REDHAT Type: UNKNOWN RHSA-2005:434
Source: REDHAT Type: UNKNOWN RHSA-2005:435
Source: BID Type: UNKNOWN 13544
Source: CCN Type: BID-13544 Mozilla Firefox Install Method Remote Arbitrary Code Execution Vulnerability
Source: BID Type: UNKNOWN 15495
Source: CCN Type: BID-15495 SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed
Source: VUPEN Type: UNKNOWN ADV-2005-0493
Source: MISC Type: UNKNOWN https://bugzilla.mozilla.org/show_bug.cgi?id=292691
Source: CCN Type: Mozilla.org Web site Bugzilla Bug 293302 - Firefox 1.0.3 Critical Vulnerability
Source: MISC Type: UNKNOWN https://bugzilla.mozilla.org/show_bug.cgi?id=293302
Source: XF Type: UNKNOWN mozilla-javascript-code-execution(20443)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:100002
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10045
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration CCN 1: