CVE-2005-1157

critical

Description

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961

https://exchange.xforce.ibmcloud.com/vulnerabilities/20125

https://bugzilla.mozilla.org/show_bug.cgi?id=290037

http://www.securityfocus.com/bid/15495

http://www.redhat.com/support/errata/RHSA-2005-386.html

http://www.redhat.com/support/errata/RHSA-2005-384.html

http://www.redhat.com/support/errata/RHSA-2005-383.html

http://www.mozilla.org/security/announce/mfsa2005-38.html

http://secunia.com/advisories/14996

http://secunia.com/advisories/14992

http://secunia.com/advisories/14938

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.07353