CVE-2005-1531

high

Description

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."

References

http://securitytracker.com/id?1013962

http://securitytracker.com/id?1013963

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351

http://www.mozilla.org/security/announce/mfsa2005-43.html

http://www.redhat.com/support/errata/RHSA-2005-434.html

http://www.redhat.com/support/errata/RHSA-2005-435.html

http://www.vupen.com/english/advisories/2005/0530

Details

Published: 2005-05-12

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High