Published: 02/05/2005 Updated: 11/10/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Firefox prior to 1.0.3 and Mozilla Suite prior to 1.7.7, when blocking a popup, allows remote malicious users to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 0.8
mozilla firefox 0.9
mozilla mozilla 1.3
mozilla mozilla 1.4
mozilla mozilla 1.5
mozilla mozilla 1.6
mozilla mozilla 1.7.5
mozilla mozilla 1.7.6
mozilla firefox 0.9.3
mozilla firefox 1.0
mozilla mozilla 1.5.1
mozilla mozilla 1.7
mozilla mozilla 1.7.1
mozilla firefox 0.9.1
mozilla firefox 0.9.2
mozilla mozilla 1.4.1
mozilla firefox 0.10
mozilla firefox 0.10.1
mozilla firefox 1.0.1
mozilla firefox 1.0.2
mozilla mozilla 1.7.2
mozilla mozilla 1.7.3

Synopsis firefox security update Type/Severity Security Advisory: Important Topic Updated firefox packages that fix various security bugs are now availableThis update has been rated as having Important security impact by the RedHat Security Response Team Description Mozilla Firefox is an ...

Synopsis Mozilla security update Type/Severity Security Advisory: Important Topic Updated Mozilla packages that fix various security bugs are now availableThis update has been rated as having Important security impact by the RedHat Security Response Team Description Mozilla is an open sou ...

Synopsis Mozilla security update Type/Severity Security Advisory: Important Topic Updated mozilla packages that fix various security bugs are now availableThis update has been rated as having Important security impact by the RedHat Security Response Team Description Mozilla is an open sou ...

When a popup is blocked the user is given the ability to open that popup through the popup-blocking status bar icon and, in Firefox, through the information bar Doron Rosenberg noticed that popups which are permitted by the user were executed with elevated privileges, which could be abused to automatically install and execute arbitrary code with ...

USN-149-1 fixed some vulnerabilities in the Ubuntu 504 (Hoary Hedgehog) version of Firefox The version shipped with Ubuntu 410 (Warty Warthog) is also vulnerable to these flaws, so it needs to be upgraded as well Please see ...

NVD-CWE-Other http://www.mozilla.org/security/announce/mfsa2005-35.html https://bugzilla.mozilla.org/show_bug.cgi?id=289204 http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml http://www.redhat.com/support/errata/RHSA-2005-383.html http://www.redhat.com/support/errata/RHSA-2005-386.html http://secunia.com/advisories/14938 http://secunia.com/advisories/14992 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://www.securityfocus.com/bid/15495 http://www.redhat.com/support/errata/RHSA-2005-384.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9584 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100023 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2005:383 https://usn.ubuntu.com/124-1/

CVE-2005-1153

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect