CVE-2005-1532
First published: Thu May 12 2005(Updated: )
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =0.8 | |
| Firefox | =0.9 | |
| Firefox | =0.9-rc | |
| Firefox | =0.9.1 | |
| Firefox | =0.9.2 | |
| Firefox | =0.9.3 | |
| Firefox | =0.10 | |
| Firefox | =0.10.1 | |
| Firefox | =1.0 | |
| Firefox | =1.0.1 | |
| Firefox | =1.0.2 | |
| Firefox | =1.0.3 | |
| Mozilla Firefox | =1.3 | |
| Mozilla Firefox | =1.4 | |
| Mozilla Firefox | =1.4-alpha | |
| Mozilla Firefox | =1.4.1 | |
| Mozilla Firefox | =1.5 | |
| Mozilla Firefox | =1.5-alpha | |
| Mozilla Firefox | =1.5-rc1 | |
| Mozilla Firefox | =1.5-rc2 | |
| Mozilla Firefox | =1.5.1 | |
| Mozilla Firefox | =1.6 | |
| Mozilla Firefox | =1.6-alpha | |
| Mozilla Firefox | =1.6-beta | |
| Mozilla Firefox | =1.7 | |
| Mozilla Firefox | =1.7-alpha | |
| Mozilla Firefox | =1.7-beta | |
| Mozilla Firefox | =1.7-rc1 | |
| Mozilla Firefox | =1.7-rc2 | |
| Mozilla Firefox | =1.7-rc3 | |
| Mozilla Firefox | =1.7.1 | |
| Mozilla Firefox | =1.7.2 | |
| Mozilla Firefox | =1.7.3 | |
| Mozilla Firefox | =1.7.5 | |
| Mozilla Firefox | =1.7.6 | |
| Mozilla Firefox | =1.7.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/mfsa2005-44.html
- http://securitytracker.com/id?1013965
- http://securitytracker.com/id?1013964
- http://www.securityfocus.com/bid/15495
- http://www.redhat.com/support/errata/RHSA-2005-601.html
- http://secunia.com/advisories/19823
- http://www.securityfocus.com/bid/13645
- http://www.redhat.com/support/errata/RHSA-2005-434.html
- http://www.redhat.com/support/errata/RHSA-2005-435.html
- http://www.vupen.com/english/advisories/2005/0530
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014
Frequently Asked Questions
What is the severity of CVE-2005-1532?
CVE-2005-1532 is considered a moderate severity vulnerability due to the potential for unauthorized activities via insecure Javascript execution.
How do I fix CVE-2005-1532?
To fix CVE-2005-1532, you should update your Firefox or Mozilla Suite to versions 1.0.4 or 1.7.8 or later.
What types of software are affected by CVE-2005-1532?
CVE-2005-1532 affects multiple versions of Firefox up to 1.0.3 and various versions of Mozilla Suite.
What can attackers do with CVE-2005-1532?
Attackers can leverage CVE-2005-1532 to conduct unauthorized activities through non-DOM property overrides in the calling context.
Is there a workaround for CVE-2005-1532 until a patch is applied?
Currently, the best workaround for CVE-2005-1532 is to disable or limit the use of Javascript in the affected browsers.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mozilla
- canonical/firefox
- version/firefox/0.8
- version/firefox/0.9
- version/firefox/0.9-rc
- version/firefox/0.9.1
- version/firefox/0.9.2
- version/firefox/0.9.3
- version/firefox/0.10
- version/firefox/0.10.1
- version/firefox/1.0
- version/firefox/1.0.1
- version/firefox/1.0.2
- version/firefox/1.0.3
- canonical/mozilla firefox
- version/mozilla firefox/1.3
- version/mozilla firefox/1.4
- version/mozilla firefox/1.4-alpha
- version/mozilla firefox/1.4.1
- version/mozilla firefox/1.5
- version/mozilla firefox/1.5-alpha
- version/mozilla firefox/1.5-rc1
- version/mozilla firefox/1.5-rc2
- version/mozilla firefox/1.5.1
- version/mozilla firefox/1.6
- version/mozilla firefox/1.6-alpha
- version/mozilla firefox/1.6-beta
- version/mozilla firefox/1.7
- version/mozilla firefox/1.7-alpha
- version/mozilla firefox/1.7-beta
- version/mozilla firefox/1.7-rc1
- version/mozilla firefox/1.7-rc2
- version/mozilla firefox/1.7-rc3
- version/mozilla firefox/1.7.1
- version/mozilla firefox/1.7.2
- version/mozilla firefox/1.7.3
- version/mozilla firefox/1.7.5
- version/mozilla firefox/1.7.6
- version/mozilla firefox/1.7.7