CVE-2005-2265

MEDIUM

Description

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allow remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.

References

http://secunia.com/advisories/16043

http://secunia.com/advisories/16044

http://secunia.com/advisories/16059

http://secunia.com/advisories/19823

http://www.ciac.org/ciac/bulletins/p-252.shtml

http://www.debian.org/security/2005/dsa-810

http://www.mozilla.org/security/announce/mfsa2005-50.html

http://www.networksecurity.fi/advisories/netscape-multiple-issues.html

http://www.novell.com/linux/security/advisories/2005_18_sr.html

http://www.novell.com/linux/security/advisories/2005_45_mozilla.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.redhat.com/support/errata/RHSA-2005-586.html

http://www.redhat.com/support/errata/RHSA-2005-587.html

http://www.redhat.com/support/errata/RHSA-2005-601.html

http://www.securityfocus.com/bid/14242

http://www.vupen.com/english/advisories/2005/1075

https://bugzilla.mozilla.org/show_bug.cgi?id=295854

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100008

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10397

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A417

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A781

Details

Source: MITRE

Published: 2005-07-13

Updated: 2017-10-11

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 21952 | CentOS 4 : thunderbird (CESA-2005:601) | Nessus | CentOS Local Security Checks | high |
| 21949 | CentOS 4 : firefox (CESA-2005:586) | Nessus | CentOS Local Security Checks | high |
| 21844 | CentOS 3 / 4 : mozilla (CESA-2005:587) | Nessus | CentOS Local Security Checks | high |
| 20560 | Ubuntu 4.10 / 5.04 : mozilla-thunderbird vulnerabilities (USN-157-1) | Nessus | Ubuntu Local Security Checks | high |
| 20556 | Ubuntu 4.10 / 5.04 : mozilla vulnerabilities (USN-155-1) | Nessus | Ubuntu Local Security Checks | high |
| 20546 | Ubuntu 4.10 : mozilla-firefox vulnerabilities (USN-149-3) | Nessus | Ubuntu Local Security Checks | high |
| 20544 | Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-149-1) | Nessus | Ubuntu Local Security Checks | high |
| 20421 | MDKSA-2005:127-1 : mozilla-thunderbird | Nessus | Mandriva Local Security Checks | high |
| 20420 | MDKSA-2005:120-1 : mozilla-firefox | Nessus | Mandriva Local Security Checks | high |
| 19888 | Mandrake Linux Security Advisory : mozilla (MDKSA-2005:128) | Nessus | Mandriva Local Security Checks | high |
| 19685 | Debian DSA-810-1 : mozilla - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 19478 | Debian DSA-781-1 : mozilla-thunderbird - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 19476 | Debian DSA-779-2 : mozilla-firefox - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 19345 | FreeBSD : firefox & mozilla -- multiple vulnerabilities (5d72701a-f601-11d9-bcd1-02061b08fc24) | Nessus | FreeBSD Local Security Checks | high |
| 19285 | RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:587) | Nessus | Red Hat Local Security Checks | high |
| 19277 | RHEL 4 : thunderbird (RHSA-2005:601) | Nessus | Red Hat Local Security Checks | high |
| 19269 | Mozilla Thunderbird < 1.0.6 Multiple Vulnerabilities | Nessus | Windows | high |
| 19268 | RHEL 4 : firefox (RHSA-2005:586) | Nessus | Red Hat Local Security Checks | high |
| 3099 | Mozilla Firefox < 1.0.6 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 3067 | Mozilla Firefox < 1.7.10 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 3066 | Mozilla Firefox < 1.0.5 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 18813 | Mozilla Browser < 1.7.9 Multiple Vulnerabilities | Nessus | Windows | high |
| 18689 | Firefox < 1.0.6 Multiple Vulnerabilities | Nessus | Windows | high |
| 801257 | Mozilla Browser < 1.7.10 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 801217 | Mozilla Firefox < 1.0.5 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 800777 | Firefox < 1.0.6 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |