CVE-2005-1157
First published: Mon Apr 18 2005(Updated: )
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | =0.8 | |
| Mozilla Mozilla | =1.7-alpha | |
| Mozilla Mozilla | =1.7-rc1 | |
| Mozilla Mozilla | =1.5-rc2 | |
| Mozilla Firefox | =1.0.2 | |
| Mozilla Mozilla | =1.7 | |
| Mozilla Firefox | =0.9.1 | |
| Mozilla Mozilla | =1.7.5 | |
| Mozilla Firefox | =0.10.1 | |
| Mozilla Firefox | =0.9 | |
| Netscape Navigator | =7.2 | |
| Mozilla Mozilla | =1.6-beta | |
| Mozilla Mozilla | =1.4.1 | |
| Mozilla Mozilla | =1.5-alpha | |
| Mozilla Mozilla | =1.5-rc1 | |
| Mozilla Mozilla | =1.3 | |
| Mozilla Firefox | =1.0 | |
| Mozilla Mozilla | =1.7-beta | |
| Mozilla Firefox | =1.0.1 | |
| Mozilla Mozilla | =1.4 | |
| Mozilla Mozilla | =1.5 | |
| Mozilla Mozilla | =1.7.6 | |
| Mozilla Mozilla | =1.7.1 | |
| Mozilla Firefox | =0.9.3 | |
| Mozilla Mozilla | =1.4-alpha | |
| Mozilla Mozilla | =1.5.1 | |
| Mozilla Firefox | =0.9.2 | |
| Mozilla Mozilla | =1.7.2 | |
| Mozilla Firefox | =0.9-rc | |
| Mozilla Mozilla | =1.7-rc3 | |
| Mozilla Mozilla | =1.7-rc2 | |
| Mozilla Firefox | =0.10 | |
| Mozilla Mozilla | =1.7.3 | |
| Mozilla Mozilla | =1.6-alpha | |
| Mozilla Mozilla | =1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mikx.de/firesearching/
- http://www.mozilla.org/security/announce/mfsa2005-38.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=290037
- http://www.redhat.com/support/errata/RHSA-2005-383.html
- http://www.redhat.com/support/errata/RHSA-2005-386.html
- http://www.securityfocus.com/bid/13211
- http://secunia.com/advisories/14938
- http://secunia.com/advisories/14992
- http://secunia.com/advisories/14996
- http://www.securityfocus.com/bid/15495
- http://www.redhat.com/support/errata/RHSA-2005-384.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20125
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961
Frequently Asked Questions
What is the severity of CVE-2005-1157?
CVE-2005-1157 has a medium severity level, indicating potential for compromise via manipulated search plugins.
How do I fix CVE-2005-1157?
To fix CVE-2005-1157, update to the latest version of Firefox or Mozilla Suite where this vulnerability has been addressed.
What types of software are affected by CVE-2005-1157?
CVE-2005-1157 affects multiple versions of Firefox, Mozilla Suite, and Netscape Browser, particularly those released before specific patches.
Can CVE-2005-1157 allow unauthorized access?
Yes, CVE-2005-1157 can allow remote attackers to replace search plugins, potentially allowing unauthorized actions through malicious plugins.
How can I determine if I'm using a vulnerable version related to CVE-2005-1157?
Check your browser's version against the known affected versions, including Firefox versions before 1.0.3 and Mozilla Suite versions prior to 1.7.7 for CVE-2005-1157.
- agent/type
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/remedy
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/first-publish-date
- agent/source
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/0.8
- canonical/mozilla mozilla
- version/mozilla mozilla/1.7-alpha
- version/mozilla mozilla/1.7-rc1
- version/mozilla mozilla/1.5-rc2
- version/mozilla firefox/1.0.2
- version/mozilla mozilla/1.7
- version/mozilla firefox/0.9.1
- version/mozilla mozilla/1.7.5
- version/mozilla firefox/0.10.1
- version/mozilla firefox/0.9
- vendor/netscape
- canonical/netscape navigator
- version/netscape navigator/7.2
- version/mozilla mozilla/1.6-beta
- version/mozilla mozilla/1.4.1
- version/mozilla mozilla/1.5-alpha
- version/mozilla mozilla/1.5-rc1
- version/mozilla mozilla/1.3
- version/mozilla firefox/1.0
- version/mozilla mozilla/1.7-beta
- version/mozilla firefox/1.0.1
- version/mozilla mozilla/1.4
- version/mozilla mozilla/1.5
- version/mozilla mozilla/1.7.6
- version/mozilla mozilla/1.7.1
- version/mozilla firefox/0.9.3
- version/mozilla mozilla/1.4-alpha
- version/mozilla mozilla/1.5.1
- version/mozilla firefox/0.9.2
- version/mozilla mozilla/1.7.2
- version/mozilla firefox/0.9-rc
- version/mozilla mozilla/1.7-rc3
- version/mozilla mozilla/1.7-rc2
- version/mozilla firefox/0.10
- version/mozilla mozilla/1.7.3
- version/mozilla mozilla/1.6-alpha
- version/mozilla mozilla/1.6