CVE-2005-2261

First published: Wed Jul 13 2005(Updated: )

Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Mozilla Thunderbird	=0.6
Mozilla Firefox	=0.8
Mozilla Thunderbird	=0.7.2
Mozilla Thunderbird	=0.3
Mozilla Mozilla	=1.7-alpha
Mozilla Thunderbird	=0.2
Mozilla Mozilla	=1.7-rc1
Mozilla Mozilla	=1.5-rc2
Mozilla Firefox	=1.0.2
Mozilla Mozilla	=1.7
Mozilla Firefox	=0.9.1
Mozilla Firefox	=1.0.4
Mozilla Mozilla	=1.7.5
Mozilla Firefox	=0.10.1
Mozilla Thunderbird	=1.0
Mozilla Firefox	=0.9
Mozilla Thunderbird	=1.0.1
Mozilla Mozilla	=1.6-beta
Mozilla Mozilla	=1.4.1
Mozilla Mozilla	=1.5-alpha
Mozilla Mozilla	=1.5-rc1
Mozilla Thunderbird	=1.0.2
Mozilla Mozilla	=1.7.7
Mozilla Mozilla	=1.3
Mozilla Firefox	=1.0
Mozilla Mozilla	=1.7-beta
Mozilla Firefox	=1.0.1
Mozilla Mozilla	=1.4
Mozilla Mozilla	=1.5
Mozilla Thunderbird	=0.5
Mozilla Thunderbird	=1.0.4
Mozilla Thunderbird	=0.9
Mozilla Thunderbird	=1.0.3
Mozilla Firefox	=1.0.3
Mozilla Mozilla	=1.7.6
Mozilla Mozilla	=1.7.1
Mozilla Thunderbird	=0.7.3
Mozilla Firefox	=0.9.3
Mozilla Mozilla	=1.4-alpha
Mozilla Thunderbird	=0.4
Mozilla Thunderbird	=0.7
Mozilla Mozilla	=1.7.8
Mozilla Mozilla	=1.5.1
Mozilla Firefox	=0.9.2
Mozilla Mozilla	=1.7.2
Mozilla Thunderbird	=0.1
Mozilla Firefox	=0.9-rc
Mozilla Mozilla	=1.7-rc3
Mozilla Thunderbird	=0.7.1
Mozilla Thunderbird	=0.8
Mozilla Mozilla	=1.7-rc2
Mozilla Firefox	=0.10
Mozilla Mozilla	=1.7.3
Mozilla Mozilla	=1.6-alpha
Mozilla Mozilla	=1.6

Remedy

http://www.mozilla.org/security/announce/mfsa2005-46.html

Never miss a vulnerability like this again

Reference Links

agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/references
agent/remedy
agent/author
agent/severity
agent/weakness
agent/description
agent/tags
agent/event
collector/mitre-cve
source/MITRE
vendor/mozilla
canonical/mozilla thunderbird
version/mozilla thunderbird/0.6
canonical/mozilla firefox
version/mozilla firefox/0.8
version/mozilla thunderbird/0.7.2
version/mozilla thunderbird/0.3
canonical/mozilla mozilla
version/mozilla mozilla/1.7-alpha
version/mozilla thunderbird/0.2
version/mozilla mozilla/1.7-rc1
version/mozilla mozilla/1.5-rc2
version/mozilla firefox/1.0.2
version/mozilla mozilla/1.7
version/mozilla firefox/0.9.1
version/mozilla firefox/1.0.4
version/mozilla mozilla/1.7.5
version/mozilla firefox/0.10.1
version/mozilla thunderbird/1.0
version/mozilla firefox/0.9
version/mozilla thunderbird/1.0.1
version/mozilla mozilla/1.6-beta
version/mozilla mozilla/1.4.1
version/mozilla mozilla/1.5-alpha
version/mozilla mozilla/1.5-rc1
version/mozilla thunderbird/1.0.2
version/mozilla mozilla/1.7.7
version/mozilla mozilla/1.3
version/mozilla firefox/1.0
version/mozilla mozilla/1.7-beta
version/mozilla firefox/1.0.1
version/mozilla mozilla/1.4
version/mozilla mozilla/1.5
version/mozilla thunderbird/0.5
version/mozilla thunderbird/1.0.4
version/mozilla thunderbird/0.9
version/mozilla thunderbird/1.0.3
version/mozilla firefox/1.0.3
version/mozilla mozilla/1.7.6
version/mozilla mozilla/1.7.1
version/mozilla thunderbird/0.7.3
version/mozilla firefox/0.9.3
version/mozilla mozilla/1.4-alpha
version/mozilla thunderbird/0.4
version/mozilla thunderbird/0.7
version/mozilla mozilla/1.7.8
version/mozilla mozilla/1.5.1
version/mozilla firefox/0.9.2
version/mozilla mozilla/1.7.2
version/mozilla thunderbird/0.1
version/mozilla firefox/0.9-rc
version/mozilla mozilla/1.7-rc3
version/mozilla thunderbird/0.7.1
version/mozilla thunderbird/0.8
version/mozilla mozilla/1.7-rc2
version/mozilla firefox/0.10
version/mozilla mozilla/1.7.3
version/mozilla mozilla/1.6-alpha
version/mozilla mozilla/1.6

CVE-2005-2261

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact