CVE-2005-1532high
Description
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
References
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://secunia.com/advisories/19823
http://securitytracker.com/id?1013964
http://securitytracker.com/id?1013965
http://www.mozilla.org/security/announce/mfsa2005-44.html
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.redhat.com/support/errata/RHSA-2005-434.html
http://www.redhat.com/support/errata/RHSA-2005-435.html
http://www.redhat.com/support/errata/RHSA-2005-601.html
http://www.securityfocus.com/bid/13645
http://www.securityfocus.com/bid/15495
http://www.vupen.com/english/advisories/2005/0530
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791