Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://secunia.com/advisories/16911
http://secunia.com/advisories/16917
http://secunia.com/advisories/16977
http://secunia.com/advisories/17014
http://secunia.com/advisories/17026
http://secunia.com/advisories/17042
http://secunia.com/advisories/17090
http://secunia.com/advisories/17149
http://secunia.com/advisories/17263
http://secunia.com/advisories/17284
http://securitytracker.com/id?1014954
http://www.debian.org/security/2005/dsa-838
http://www.debian.org/security/2005/dsa-866
http://www.debian.org/security/2005/dsa-868
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
http://www.mozilla.org/security/announce/mfsa2005-58.html
http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
http://www.redhat.com/support/errata/RHSA-2005-785.html
http://www.redhat.com/support/errata/RHSA-2005-789.html
http://www.redhat.com/support/errata/RHSA-2005-791.html
http://www.securityfocus.com/bid/14918
http://www.securityfocus.com/bid/15495
http://www.ubuntu.com/usn/usn-200-1
http://www.vupen.com/english/advisories/2005/1824
https://exchange.xforce.ibmcloud.com/vulnerabilities/22375
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11609
Source: MITRE
Published: 2005-09-23
Updated: 2017-10-11
Type: NVD-CWE-Other
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
OR
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 1.0.6 (inclusive)
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:* versions up to 1.7.11 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
21964 | CentOS 4 : thunderbird (CESA-2005:791) | Nessus | CentOS Local Security Checks | high |
21963 | CentOS 4 : firefox (CESA-2005:785) | Nessus | CentOS Local Security Checks | high |
21859 | CentOS 3 / 4 : Mozilla (CESA-2005:789) | Nessus | CentOS Local Security Checks | high |
21473 | FreeBSD : firefox & mozilla -- multiple vulnerabilities (8f5dd74b-2c61-11da-a263-0001020eed82) | Nessus | FreeBSD Local Security Checks | high |
20616 | Ubuntu 4.10 / 5.04 : mozilla-thunderbird vulnerabilities (USN-200-1) | Nessus | Ubuntu Local Security Checks | high |
20597 | Ubuntu 4.10 / 5.04 : mozilla, mozilla-firefox vulnerabilities (USN-186-1) | Nessus | Ubuntu Local Security Checks | high |
20428 | Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:174) | Nessus | Mandriva Local Security Checks | high |
20425 | MDKSA-2005:169 : mozilla-firefox | Nessus | Mandriva Local Security Checks | high |
20071 | Debian DSA-868-1 : mozilla-thunderbird - several vulnerabilities | Nessus | Debian Local Security Checks | high |
20063 | Debian DSA-866-1 : mozilla - several vulnerabilities | Nessus | Debian Local Security Checks | high |
19995 | RHEL 4 : thunderbird (RHSA-2005:791) | Nessus | Red Hat Local Security Checks | high |
19923 | Mandrake Linux Security Advisory : mozilla (MDKSA-2005:170) | Nessus | Mandriva Local Security Checks | high |
19837 | RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:789) | Nessus | Red Hat Local Security Checks | high |
19835 | RHEL 4 : firefox (RHSA-2005:785) | Nessus | Red Hat Local Security Checks | high |
19810 | GLSA-200509-11 : Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
19807 | Debian DSA-838-1 : mozilla-firefox - multiple vulnerabilities | Nessus | Debian Local Security Checks | high |
3239 | Mozilla Firefox < 1.0.7 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
3238 | Mozilla Firefox < 1.7.12 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
19719 | Firefox < 1.0.7 Multiple Vulnerabilities | Nessus | Windows | high |
19718 | Mozilla Browser < 1.7.12 Multiple Vulnerabilities | Nessus | Windows | high |
3099 | Mozilla Firefox < 1.0.6 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
3067 | Mozilla Firefox < 1.7.10 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
3066 | Mozilla Firefox < 1.0.5 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
2902 | Mozilla Firefox < 1.7.8 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
2887 | Mozilla Firefox < 1.0.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
2789 | Mozilla Firefox < 1.7.7 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
2788 | Mozilla Firefox < 1.0.3 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
2703 | Mozilla Thunderbird < 1.0.2 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | SMTP Clients | medium |
2671 | Mozilla Firefox < 1.7.6 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
2652 | Mozilla Firefox < 1.0.1 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
2603 | MSN Messenger < 6.2.0205 PNG File Remote Overflow (deprecated) | Nessus Network Monitor | Internet Messengers | medium |
2602 | Microsoft Media Player Version 9 PNG Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | Generic | medium |
1775 | Mozilla Firefox XML User Interface Language Browser Interface Spoofing (deprecated) | Nessus Network Monitor | Web Clients | medium |
1773 | Mozilla Firefox < 1.7.1 / Thunderbird < 0.7.1 POP3 Remote Heap Overflow (deprecated) | Nessus Network Monitor | Web Clients | medium |
1772 | Mozilla Firefox < 1.7.1 Cross-Domain Frame Loading Vulnerability (deprecated) | Nessus Network Monitor | Web Clients | medium |
1771 | Mozilla Firefox < 1.7.2 Non-FQDN SSL Certificate Spoofing | Nessus Network Monitor | Web Clients | medium |
1770 | Mozilla Firefox < 1.7.1 SSL Redirect Spoofing | Nessus Network Monitor | Web Clients | medium |
2116 | Mozilla Firefox Input Type HTML Tag Unauthorized Access (deprecated) | Nessus Network Monitor | Web Clients | medium |
801373 | Mozilla XML User Interface Language Browser Interface Spoofing | Log Correlation Engine | Web Clients | medium |
801318 | Mozilla Browser < 1.7.8 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801295 | Mozilla Firefox < 1.0.4 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801294 | Mozilla Browser < 1.7.12 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801293 | Mozilla < 1.7.7 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801292 | Mozilla Browser < 1.7.2 Non-FQDN SSL Certificate Spoofing | Log Correlation Engine | Web Clients | medium |
801263 | Mozilla < 1.7.1 SSL Redirect Spoofing | Log Correlation Engine | Web Clients | medium |
801257 | Mozilla Browser < 1.7.10 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801229 | Mozilla Browser Input Type HTML Tag Unauthorized Access | Log Correlation Engine | Web Clients | medium |
801228 | Mozilla < 1.7.1 Cross-Domain Frame Loading Vulnerability | Log Correlation Engine | Web Clients | medium |
801221 | Mozilla Thunderbird < 1.0.2 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
801217 | Mozilla Firefox < 1.0.5 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801215 | Mozilla < 1.7.6 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801211 | Mozilla Browser <1.7.1 / Thunderbird < 0.7.1 SendUIDL POP3 Message Handling Remote Heap Overflow | Log Correlation Engine | Web Clients | medium |
800781 | Firefox < 1.0.7 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
800777 | Firefox < 1.0.6 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
800745 | Firefox < 1.0.3 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |