CVE-2005-2270

HIGH

Description

Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.

References

http://secunia.com/advisories/16043

http://secunia.com/advisories/16059

http://secunia.com/advisories/19823

http://securitytracker.com/id?1014470

http://www.ciac.org/ciac/bulletins/p-252.shtml

http://www.debian.org/security/2005/dsa-810

http://www.kb.cert.org/vuls/id/652366

http://www.mozilla.org/security/announce/mfsa2005-56.html

http://www.novell.com/linux/security/advisories/2005_18_sr.html

http://www.novell.com/linux/security/advisories/2005_45_mozilla.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.redhat.com/support/errata/RHSA-2005-586.html

http://www.redhat.com/support/errata/RHSA-2005-587.html

http://www.redhat.com/support/errata/RHSA-2005-601.html

http://www.securityfocus.com/bid/14242

http://www.vupen.com/english/advisories/2005/1075

https://bugzilla.mozilla.org/show_bug.cgi?id=294795

https://bugzilla.mozilla.org/show_bug.cgi?id=294799

https://bugzilla.mozilla.org/show_bug.cgi?id=295011

https://bugzilla.mozilla.org/show_bug.cgi?id=296397

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100003

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11751

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A550

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A817

Details

Source: MITRE

Published: 2005-07-13

Updated: 2017-10-11

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH