CVE-2005-2269

Description

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202

http://www.vupen.com/english/advisories/2005/1075

http://www.securityfocus.com/bid/14242

http://www.redhat.com/support/errata/RHSA-2005-601.html

http://www.redhat.com/support/errata/RHSA-2005-587.html

http://www.redhat.com/support/errata/RHSA-2005-586.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.novell.com/linux/security/advisories/2005_45_mozilla.html

http://www.novell.com/linux/security/advisories/2005_18_sr.html

http://www.networksecurity.fi/advisories/netscape-multiple-issues.html

http://www.mozilla.org/security/announce/mfsa2005-55.html

http://www.debian.org/security/2005/dsa-810

http://www.ciac.org/ciac/bulletins/p-252.shtml

http://secunia.com/advisories/19823

http://secunia.com/advisories/16059

http://secunia.com/advisories/16044

http://secunia.com/advisories/16043

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

EPSS