CVE-2005-2270

critical

Description

Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A817

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A550

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11751

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100003

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202

http://www.vupen.com/english/advisories/2005/1075

http://www.securityfocus.com/bid/14242

http://www.redhat.com/support/errata/RHSA-2005-601.html

http://www.redhat.com/support/errata/RHSA-2005-587.html

http://www.redhat.com/support/errata/RHSA-2005-586.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.novell.com/linux/security/advisories/2005_45_mozilla.html

http://www.novell.com/linux/security/advisories/2005_18_sr.html

http://www.mozilla.org/security/announce/mfsa2005-56.html

http://www.kb.cert.org/vuls/id/652366

http://www.debian.org/security/2005/dsa-810

http://www.ciac.org/ciac/bulletins/p-252.shtml

http://securitytracker.com/id?1014470

http://secunia.com/advisories/19823

http://secunia.com/advisories/16059

http://secunia.com/advisories/16043

Details

Source: Mitre, NVD

Published: 2005-07-13

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.36179

Detections

Analytics