Vulnerability Name: CVE-2005-2704 (CCN-22824)

Assigned: 2005-09-22
Published: 2005-09-22
Updated: 2017-10-11
Summary: Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: SCO
Type: UNKNOWN
SCOSA-2005.49

Source: CCN
Type: BugTraq Mailing List, Thu Oct 20 2005 - 10:11:33 CDT
New Mozilla Thunderbird packages fix several vulnerabilities

Source: MITRE
Type: CNA
CVE-2005-2704

Source: CCN
Type: RHSA-2005-785
firefox security update

Source: CCN
Type: RHSA-2005-789
mozilla security update

Source: CCN
Type: RHSA-2005-791
thunderbird security update

Source: CCN
Type: SA16911
Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
16911

Source: CCN
Type: SA16917
Mozilla Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
16917

Source: SECUNIA
Type: UNKNOWN
16977

Source: SECUNIA
Type: UNKNOWN
17014

Source: SECUNIA
Type: UNKNOWN
17026

Source: SECUNIA
Type: UNKNOWN
17042

Source: SECUNIA
Type: UNKNOWN
17090

Source: SECUNIA
Type: UNKNOWN
17149

Source: SECUNIA
Type: UNKNOWN
17263

Source: SECUNIA
Type: UNKNOWN
17284

Source: CCN
Type: SECTRACK ID: 1014954
Mozilla Firefox Integer/Buffer Overflows, Spoofing Bugs, and Access Control Errors Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1014954

Source: DEBIAN
Type: UNKNOWN
DSA-838

Source: DEBIAN
Type: UNKNOWN
DSA-866

Source: DEBIAN
Type: UNKNOWN
DSA-868

Source: DEBIAN
Type: DSA-838
mozilla-firefox -- multiple vulnerabilities

Source: DEBIAN
Type: DSA-866
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-868
mozilla-thunderbird -- several vulnerabilities

Source: CCN
Type: GLSA-200509-11
Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:169

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:170

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:174

Source: CCN
Type: Mozilla Firefox Download Web page
Firefox - Rediscover the web

Source: CCN
Type: Mozilla Suite Web page
Mozilla Suite - The All-in-One Internet Application Suite

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-58.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:058

Source: FEDORA
Type: UNKNOWN
FLSA-2006:168375

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:785

Source: REDHAT
Type: UNKNOWN
RHSA-2005:789

Source: REDHAT
Type: UNKNOWN
RHSA-2005:791

Source: BID
Type: UNKNOWN
14921

Source: CCN
Type: BID-14921
Mozilla Browser/Firefox DOM Objects Spoofing Vulnerability

Source: BID
Type: UNKNOWN
15495

Source: CCN
Type: BID-15495
SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed

Source: CCN
Type: USN-186-1
Mozilla and Firefox vulnerabilities

Source: CCN
Type: USN-186-2
Ubuntu 4.10 packages for USN-186-1 Firefox security update

Source: CCN
Type: USN-200-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-200-1

Source: VUPEN
Type: UNKNOWN
ADV-2005-1824

Source: XF
Type: UNKNOWN
mozilla-xbl-dom-spoofing(22824)

Source: XF
Type: UNKNOWN
mozilla-thunderbird-xml-object-spoof(22824)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1272

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9784

Source: SUSE
Type: SUSE-SA:2005:058
mozilla, MozillaFirefox: remote command execution

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 1.0.6)
  • OR cpe:/a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:*:*:*:*:*:*:*:* (Version <= 1.7.11)

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20052704 | V | CVE-2005-2704 | 2015-11-16
    oval:org.mitre.oval:def:9784 | V | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface. | 2013-04-29
    oval:org.mitre.oval:def:1272 | V | Object Spoofing using XBL Vulnerability | 2007-05-09
    oval:org.debian:def:866 | V | several vulnerabilities | 2005-10-20
    oval:org.debian:def:868 | V | several vulnerabilities | 2005-10-20
    oval:com.redhat.rhsa:def:20050791 | P | RHSA-2005:791: thunderbird security update (Important) | 2005-10-06
    oval:org.debian:def:838 | V | multiple vulnerabilities | 2005-10-02
    oval:com.redhat.rhsa:def:20050785 | P | RHSA-2005:785: firefox security update (Critical) | 2005-09-22
    oval:com.redhat.rhsa:def:20050789 | P | RHSA-2005:789: mozilla security update (Critical) | 2005-09-22