CVE-2005-2262
First published: Wed Jul 13 2005(Updated: )
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | =1.0.4 | |
| Mozilla Firefox | =1.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mikx.de/firewalling/
- http://www.mozilla.org/security/announce/mfsa2005-47.html
- http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
- http://www.ciac.org/ciac/bulletins/p-252.shtml
- http://www.securiteam.com/securitynews/5ZP0E0UGAK.html
- http://www.securityfocus.com/bid/14242
- http://secunia.com/advisories/16043
- http://secunia.com/advisories/16044
- http://www.redhat.com/support/errata/RHSA-2005-586.html
- http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- http://www.vupen.com/english/advisories/2005/1075
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11097
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/1.0.4
- version/mozilla firefox/1.0.3