FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-1476

This CVE name corresponds to:

Entered Topic
2005-05-11 mozilla -- code execution via javascript: IconURL vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2005-1476
Phase: Assigned (20050509)

Description

Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.

References

Source Reference
FULLDISC 20050508 Firefox Remote Compromise Leaked
FULLDISC 20050508 Firefox Remote Compromise Technical Details
MISC http://greyhatsecurity.org/firefox.htm
MISC http://greyhatsecurity.org/vulntests/ffrc.htm
CONFIRM http://www.mozilla.org/security/announce/mfsa2005-42.html
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=293302
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=292691
REDHAT RHSA-2005:434
REDHAT RHSA-2005:435
SCO SCOSA-2005.49
CERT-VN VU#534710
BID 13544
BID 15495
OVAL oval:org.mitre.oval:def:10045
VUPEN ADV-2005-0493
OVAL oval:org.mitre.oval:def:100002
SECTRACK 1013913
SECUNIA 15292
XF mozilla-javascript-code-execution(20443)