CVE-2005-1159

critical

Description

The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10629

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100018

https://exchange.xforce.ibmcloud.com/vulnerabilities/20123

https://bugzilla.mozilla.org/show_bug.cgi?id=290162

http://www.securityfocus.com/bid/15495

http://www.securityfocus.com/bid/13232

http://www.redhat.com/support/errata/RHSA-2005-601.html

http://www.redhat.com/support/errata/RHSA-2005-386.html

http://www.redhat.com/support/errata/RHSA-2005-384.html

http://www.redhat.com/support/errata/RHSA-2005-383.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.mozilla.org/security/announce/mfsa2005-40.html

http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml

http://securitytracker.com/id?1013743

http://securitytracker.com/id?1013742

http://secunia.com/advisories/19823

http://secunia.com/advisories/14992

http://secunia.com/advisories/14938

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0369