CVE-2005-1532
First published: Thu May 12 2005(Updated: )
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | =0.8 | |
| Mozilla Mozilla | =1.7-alpha | |
| Mozilla Mozilla | =1.7-rc1 | |
| Mozilla Mozilla | =1.5-rc2 | |
| Mozilla Firefox | =1.0.2 | |
| Mozilla Mozilla | =1.7 | |
| Mozilla Firefox | =0.9.1 | |
| Mozilla Mozilla | =1.7.5 | |
| Mozilla Firefox | =0.10.1 | |
| Mozilla Firefox | =0.9 | |
| Mozilla Mozilla | =1.6-beta | |
| Mozilla Mozilla | =1.4.1 | |
| Mozilla Mozilla | =1.5-alpha | |
| Mozilla Mozilla | =1.5-rc1 | |
| Mozilla Mozilla | =1.7.7 | |
| Mozilla Mozilla | =1.3 | |
| Mozilla Firefox | =1.0 | |
| Mozilla Mozilla | =1.7-beta | |
| Mozilla Firefox | =1.0.1 | |
| Mozilla Mozilla | =1.4 | |
| Mozilla Mozilla | =1.5 | |
| Mozilla Firefox | =1.0.3 | |
| Mozilla Mozilla | =1.7.6 | |
| Mozilla Mozilla | =1.7.1 | |
| Mozilla Firefox | =0.9.3 | |
| Mozilla Mozilla | =1.4-alpha | |
| Mozilla Mozilla | =1.5.1 | |
| Mozilla Firefox | =0.9.2 | |
| Mozilla Mozilla | =1.7.2 | |
| Mozilla Firefox | =0.9-rc | |
| Mozilla Mozilla | =1.7-rc3 | |
| Mozilla Mozilla | =1.7-rc2 | |
| Mozilla Firefox | =0.10 | |
| Mozilla Mozilla | =1.7.3 | |
| Mozilla Mozilla | =1.6-alpha | |
| Mozilla Mozilla | =1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/mfsa2005-44.html
- http://securitytracker.com/id?1013965
- http://securitytracker.com/id?1013964
- http://www.securityfocus.com/bid/15495
- http://www.redhat.com/support/errata/RHSA-2005-601.html
- http://secunia.com/advisories/19823
- http://www.securityfocus.com/bid/13645
- http://www.redhat.com/support/errata/RHSA-2005-434.html
- http://www.redhat.com/support/errata/RHSA-2005-435.html
- http://www.vupen.com/english/advisories/2005/0530
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/0.8
- canonical/mozilla mozilla
- version/mozilla mozilla/1.7-alpha
- version/mozilla mozilla/1.7-rc1
- version/mozilla mozilla/1.5-rc2
- version/mozilla firefox/1.0.2
- version/mozilla mozilla/1.7
- version/mozilla firefox/0.9.1
- version/mozilla mozilla/1.7.5
- version/mozilla firefox/0.10.1
- version/mozilla firefox/0.9
- version/mozilla mozilla/1.6-beta
- version/mozilla mozilla/1.4.1
- version/mozilla mozilla/1.5-alpha
- version/mozilla mozilla/1.5-rc1
- version/mozilla mozilla/1.7.7
- version/mozilla mozilla/1.3
- version/mozilla firefox/1.0
- version/mozilla mozilla/1.7-beta
- version/mozilla firefox/1.0.1
- version/mozilla mozilla/1.4
- version/mozilla mozilla/1.5
- version/mozilla firefox/1.0.3
- version/mozilla mozilla/1.7.6
- version/mozilla mozilla/1.7.1
- version/mozilla firefox/0.9.3
- version/mozilla mozilla/1.4-alpha
- version/mozilla mozilla/1.5.1
- version/mozilla firefox/0.9.2
- version/mozilla mozilla/1.7.2
- version/mozilla firefox/0.9-rc
- version/mozilla mozilla/1.7-rc3
- version/mozilla mozilla/1.7-rc2
- version/mozilla firefox/0.10
- version/mozilla mozilla/1.7.3
- version/mozilla mozilla/1.6-alpha
- version/mozilla mozilla/1.6