Description

The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

http://secunia.com/advisories/14938

http://secunia.com/advisories/14992

http://secunia.com/advisories/19823

http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml

http://www.mozilla.org/security/announce/mfsa2005-41.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.redhat.com/support/errata/RHSA-2005-383.html

http://www.redhat.com/support/errata/RHSA-2005-384.html

http://www.redhat.com/support/errata/RHSA-2005-386.html

http://www.redhat.com/support/errata/RHSA-2005-601.html

http://www.securityfocus.com/bid/13233

http://www.securityfocus.com/bid/15495

https://bugzilla.mozilla.org/show_bug.cgi?id=289074

https://bugzilla.mozilla.org/show_bug.cgi?id=289083

https://bugzilla.mozilla.org/show_bug.cgi?id=289961

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291

Details

Risk Information

CVSS v2