Vulnerability Name:

CVE-2005-2706 (CCN-22378)

Assigned:2005-09-21
Published:2005-09-21
Updated:2017-10-11
Summary:Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: SCO
Type: UNKNOWN
SCOSA-2005.49

Source: MITRE
Type: CNA
CVE-2005-2706

Source: CCN
Type: RHSA-2005-785
firefox security update

Source: CCN
Type: RHSA-2005-789
mozilla security update

Source: CCN
Type: RHSA-2005-791
thunderbird security update

Source: CCN
Type: SA16911
Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
16911

Source: CCN
Type: SA16917
Mozilla Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
16917

Source: SECUNIA
Type: UNKNOWN
16977

Source: SECUNIA
Type: UNKNOWN
17014

Source: SECUNIA
Type: UNKNOWN
17026

Source: SECUNIA
Type: UNKNOWN
17042

Source: SECUNIA
Type: UNKNOWN
17090

Source: SECUNIA
Type: UNKNOWN
17149

Source: SECUNIA
Type: UNKNOWN
17263

Source: SECUNIA
Type: UNKNOWN
17284

Source: SECUNIA
Type: UNKNOWN
19823

Source: CCN
Type: SECTRACK ID: 1014954
Mozilla Firefox Integer/Buffer Overflows, Spoofing Bugs, and Access Control Errors Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1014954

Source: CCN
Type: CIAC INFORMATION BULLETIN P-310
Firefox Security Update

Source: CCN
Type: CIAC INFORMATION BULLETIN P-311
Mozilla security update

Source: DEBIAN
Type: UNKNOWN
DSA-838

Source: DEBIAN
Type: UNKNOWN
DSA-866

Source: DEBIAN
Type: UNKNOWN
DSA-868

Source: DEBIAN
Type: DSA-838
mozilla-firefox -- multiple vulnerabilities

Source: DEBIAN
Type: DSA-866
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-868
mozilla-thunderbird -- several vulnerabilities

Source: CCN
Type: GLSA-200509-11
Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:169

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:170

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:174

Source: CCN
Type: Mozilla Firefox Download Web page
Firefox - Rediscover the web

Source: CCN
Type: Mozilla Suite Download Web page
Mozilla Suite- The All-in-One Internet Application Suite

Source: CCN
Type: MFSA 2005-58
Firefox, Mozilla Suite

Source: CONFIRM
Type: UNKNOWN
http://www.mozilla.org/security/announce/mfsa2005-58.html

Source: CCN
Type: MFSA 2005-59
Command-line handling on Linux allows shell execution

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:058

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:004

Source: OSVDB
Type: UNKNOWN
19648

Source: CCN
Type: OSVDB ID: 19648
Mozilla Multiple Browsers about: Page Privilege Escalation

Source: FEDORA
Type: UNKNOWN
FLSA-2006:168375

Source: REDHAT
Type: UNKNOWN
RHSA-2005:785

Source: REDHAT
Type: UNKNOWN
RHSA-2005:789

Source: REDHAT
Type: UNKNOWN
RHSA-2005:791

Source: BID
Type: UNKNOWN
14920

Source: CCN
Type: BID-14920
Mozilla Browser/Firefox Chrome Page Loading Restriction Bypass Privilege Escalation Weakness

Source: BID
Type: UNKNOWN
15495

Source: CCN
Type: BID-15495
SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed

Source: CCN
Type: USN-186-1
Mozilla and Firefox vulnerabilities

Source: CCN
Type: USN-186-2
Ubuntu 4.10 packages for USN-186-1 Firefox security update

Source: CCN
Type: USN-200-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-200-1

Source: VUPEN
Type: UNKNOWN
ADV-2005-1824

Source: XF
Type: UNKNOWN
mozilla-about-execute-code(22378)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11317

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1443

Source: SUSE
Type: SUSE-SA:2005:058
mozillaMozillaFirefox: remote command execution

Source: SUSE
Type: SUSE-SA:2006:022
MozillaThunderbird various problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 1.0.6)
  • OR cpe:/a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:*:*:*:*:*:*:*:* (Version <= 1.7.11)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1::as:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20052706 | V | CVE-2005-2706 | 2015-11-16
    oval:org.mitre.oval:def:11317 | V | Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla. | 2013-04-29
    oval:org.mitre.oval:def:1443 | V | Firefox/Mozilla Suite about: Scheme Privilege Escalation Vulnerability | 2007-05-09
    oval:org.debian:def:866 | V | several vulnerabilities | 2005-10-20
    oval:org.debian:def:868 | V | several vulnerabilities | 2005-10-20
    oval:com.redhat.rhsa:def:20050791 | P | RHSA-2005:791: thunderbird security update (Important) | 2005-10-06
    oval:org.debian:def:838 | V | multiple vulnerabilities | 2005-10-02
    oval:com.redhat.rhsa:def:20050785 | P | RHSA-2005:785: firefox security update (Critical) | 2005-09-22
    oval:com.redhat.rhsa:def:20050789 | P | RHSA-2005:789: mozilla security update (Critical) | 2005-09-22