Vulnerability Name:

CVE-2005-2705 (CCN-22377)

Assigned:2005-09-21
Published:2005-09-21
Updated:2017-10-11
Summary:Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: SCO
Type: UNKNOWN
SCOSA-2005.49

Source: MITRE
Type: CNA
CVE-2005-2705

Source: CCN
Type: RHSA-2005-785
firefox security update

Source: CCN
Type: RHSA-2005-789
mozilla security update

Source: CCN
Type: RHSA-2005-791
thunderbird security update

Source: CCN
Type: SA16911
Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
16911

Source: CCN
Type: SA16917
Mozilla Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
16917

Source: SECUNIA
Type: UNKNOWN
16977

Source: SECUNIA
Type: UNKNOWN
17014

Source: SECUNIA
Type: UNKNOWN
17026

Source: SECUNIA
Type: UNKNOWN
17042

Source: SECUNIA
Type: UNKNOWN
17090

Source: SECUNIA
Type: UNKNOWN
17149

Source: SECUNIA
Type: UNKNOWN
17263

Source: SECUNIA
Type: UNKNOWN
17284

Source: CCN
Type: SECTRACK ID: 1014954
Mozilla Firefox Integer/Buffer Overflows, Spoofing Bugs, and Access Control Errors Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1014954

Source: CCN
Type: CIAC INFORMATION BULLETIN P-310
Firefox Security Update

Source: CCN
Type: CIAC INFORMATION BULLETIN P-311
Mozilla Security Update

Source: DEBIAN
Type: UNKNOWN
DSA-838

Source: DEBIAN
Type: UNKNOWN
DSA-866

Source: DEBIAN
Type: UNKNOWN
DSA-868

Source: DEBIAN
Type: DSA-838
mozilla-firefox -- multiple vulnerabilities

Source: DEBIAN
Type: DSA-866
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-868
mozilla-thunderbird -- several vulnerabilities

Source: CCN
Type: GLSA-200509-11
Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:169

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:170

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:174

Source: CCN
Type: Mozilla Firefox Download Web page
Firefox - Rediscover the web

Source: CCN
Type: Mozilla Suite Download Web page
Mozilla Suite- The All-in-One Internet Application Suite

Source: CCN
Type: MFSA 2005-57
IDN heap overrun using soft-hyphens

Source: CCN
Type: MFSA 2005-58
Firefox, Mozilla Suite

Source: CONFIRM
Type: UNKNOWN
http://www.mozilla.org/security/announce/mfsa2005-58.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:058

Source: FEDORA
Type: UNKNOWN
FLSA-2006:168375

Source: REDHAT
Type: UNKNOWN
RHSA-2005:785

Source: REDHAT
Type: UNKNOWN
RHSA-2005:789

Source: REDHAT
Type: UNKNOWN
RHSA-2005:791

Source: BID
Type: UNKNOWN
14917

Source: CCN
Type: BID-14917
Mozilla Browser/Firefox JavaScript Engine Integer Overflow Vulnerability

Source: BID
Type: UNKNOWN
15495

Source: CCN
Type: BID-15495
SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed

Source: CCN
Type: USN-186-1
Mozilla and Firefox vulnerabilities

Source: CCN
Type: USN-186-2
Ubuntu 4.10 packages for USN-186-1 Firefox security update

Source: CCN
Type: USN-200-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-200-1

Source: VUPEN
Type: UNKNOWN
ADV-2005-1824

Source: MISC
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=303213

Source: XF
Type: UNKNOWN
mozilla-javascript-bo(22377)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10367

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1307

Source: SUSE
Type: SUSE-SA:2005:058
mozillaMozillaFirefox: remote command execution

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 1.0.6)
  • OR cpe:/a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:*:*:*:*:*:*:*:* (Version <= 1.7.11)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1::as:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20052705 | V | CVE-2005-2705 | 2015-11-16
    oval:org.mitre.oval:def:10367 | V | Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. | 2013-04-29
    oval:org.mitre.oval:def:1307 | V | Firefox/Mozilla Suite JavaScript Integer Overflow | 2007-05-09
    oval:org.debian:def:866 | V | several vulnerabilities | 2005-10-20
    oval:org.debian:def:868 | V | several vulnerabilities | 2005-10-20
    oval:com.redhat.rhsa:def:20050791 | P | RHSA-2005:791: thunderbird security update (Important) | 2005-10-06
    oval:org.debian:def:838 | V | multiple vulnerabilities | 2005-10-02
    oval:com.redhat.rhsa:def:20050785 | P | RHSA-2005:785: firefox security update (Critical) | 2005-09-22
    oval:com.redhat.rhsa:def:20050789 | P | RHSA-2005:789: mozilla security update (Critical) | 2005-09-22