CVE-2005-2269

Description

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").

References

http://secunia.com/advisories/16043

http://secunia.com/advisories/16044

http://secunia.com/advisories/16059

http://secunia.com/advisories/19823

http://www.ciac.org/ciac/bulletins/p-252.shtml

http://www.debian.org/security/2005/dsa-810

http://www.mozilla.org/security/announce/mfsa2005-55.html

http://www.networksecurity.fi/advisories/netscape-multiple-issues.html

http://www.novell.com/linux/security/advisories/2005_18_sr.html

http://www.novell.com/linux/security/advisories/2005_45_mozilla.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.redhat.com/support/errata/RHSA-2005-586.html

http://www.redhat.com/support/errata/RHSA-2005-587.html

http://www.redhat.com/support/errata/RHSA-2005-601.html

http://www.securityfocus.com/bid/14242

http://www.vupen.com/english/advisories/2005/1075

https://bugzilla.mozilla.org/show_bug.cgi?id=298892

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777

Details

Risk Information

CVSS v2