CVE-2005-1531

medium

Description

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015

http://www.vupen.com/english/advisories/2005/0530

http://www.securityfocus.com/bid/15495

http://www.securityfocus.com/bid/13641

http://www.redhat.com/support/errata/RHSA-2005-435.html

http://www.redhat.com/support/errata/RHSA-2005-434.html

http://www.mozilla.org/security/announce/mfsa2005-43.html

http://securitytracker.com/id?1013963

http://securitytracker.com/id?1013962

Details

Source: Mitre, NVD

Published: 2005-05-12

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.02198