Firefox prior to 1.0.3, Mozilla Suite prior to 1.7.7, and Netscape 7.2 allows remote malicious users to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 0.9 |
||
mozilla firefox 0.9.1 |
||
mozilla mozilla 1.4 |
||
mozilla mozilla 1.4.1 |
||
mozilla mozilla 1.6 |
||
mozilla mozilla 1.7.6 |
||
mozilla mozilla 1.7 |
||
mozilla firefox 0.10 |
||
mozilla firefox 1.0 |
||
mozilla firefox 1.0.1 |
||
mozilla mozilla 1.5.1 |
||
mozilla mozilla 1.5 |
||
mozilla mozilla 1.7.1 |
||
mozilla mozilla 1.7.2 |
||
netscape navigator 7.2 |
||
mozilla firefox 0.10.1 |
||
mozilla firefox 0.8 |
||
mozilla firefox 1.0.2 |
||
mozilla mozilla 1.3 |
||
mozilla mozilla 1.7.3 |
||
mozilla mozilla 1.7.5 |
||
mozilla firefox 0.9.2 |
||
mozilla firefox 0.9.3 |