CVE-2005-2261

HIGH

Description

Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.

References

http://secunia.com/advisories/16043

http://secunia.com/advisories/16044

http://secunia.com/advisories/16059

http://secunia.com/advisories/19823

http://www.ciac.org/ciac/bulletins/p-252.shtml

http://www.debian.org/security/2005/dsa-810

http://www.mozilla.org/security/announce/mfsa2005-46.html

http://www.networksecurity.fi/advisories/netscape-multiple-issues.html

http://www.novell.com/linux/security/advisories/2005_18_sr.html

http://www.novell.com/linux/security/advisories/2005_45_mozilla.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.redhat.com/support/errata/RHSA-2005-586.html

http://www.redhat.com/support/errata/RHSA-2005-587.html

http://www.redhat.com/support/errata/RHSA-2005-601.html

http://www.securityfocus.com/bid/14242

http://www.vupen.com/english/advisories/2005/1075

https://bugzilla.mozilla.org/show_bug.cgi?id=292589

https://bugzilla.mozilla.org/show_bug.cgi?id=292591

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100012

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10947

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1348

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A808

Details

Source: MITRE

Published: 2005-07-13

Updated: 2017-10-11

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*

Tenable Plugins

View all (26 total)

IDNameProductFamilySeverity
21952CentOS 4 : thunderbird (CESA-2005:601)NessusCentOS Local Security Checks
high
21949CentOS 4 : firefox (CESA-2005:586)NessusCentOS Local Security Checks
high
21844CentOS 3 / 4 : mozilla (CESA-2005:587)NessusCentOS Local Security Checks
high
20560Ubuntu 4.10 / 5.04 : mozilla-thunderbird vulnerabilities (USN-157-1)NessusUbuntu Local Security Checks
high
20556Ubuntu 4.10 / 5.04 : mozilla vulnerabilities (USN-155-1)NessusUbuntu Local Security Checks
high
20546Ubuntu 4.10 : mozilla-firefox vulnerabilities (USN-149-3)NessusUbuntu Local Security Checks
high
20544Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-149-1)NessusUbuntu Local Security Checks
high
20421MDKSA-2005:127-1 : mozilla-thunderbirdNessusMandriva Local Security Checks
high
20420MDKSA-2005:120-1 : mozilla-firefoxNessusMandriva Local Security Checks
high
19888Mandrake Linux Security Advisory : mozilla (MDKSA-2005:128)NessusMandriva Local Security Checks
high
19685Debian DSA-810-1 : mozilla - several vulnerabilitiesNessusDebian Local Security Checks
high
19478Debian DSA-781-1 : mozilla-thunderbird - several vulnerabilitiesNessusDebian Local Security Checks
high
19476Debian DSA-779-2 : mozilla-firefox - several vulnerabilitiesNessusDebian Local Security Checks
high
19345FreeBSD : firefox & mozilla -- multiple vulnerabilities (5d72701a-f601-11d9-bcd1-02061b08fc24)NessusFreeBSD Local Security Checks
high
19285RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:587)NessusRed Hat Local Security Checks
high
19277RHEL 4 : thunderbird (RHSA-2005:601)NessusRed Hat Local Security Checks
high
19269Mozilla Thunderbird < 1.0.6 Multiple VulnerabilitiesNessusWindows
high
19268RHEL 4 : firefox (RHSA-2005:586)NessusRed Hat Local Security Checks
high
3099Mozilla Firefox < 1.0.6 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3067Mozilla Firefox < 1.7.10 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3066Mozilla Firefox < 1.0.5 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
18813Mozilla Browser < 1.7.9 Multiple VulnerabilitiesNessusWindows
high
18689Firefox < 1.0.6 Multiple VulnerabilitiesNessusWindows
high
801257Mozilla Browser < 1.7.10 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801217Mozilla Firefox < 1.0.5 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800777Firefox < 1.0.6 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high