VDB
CVE-2005-1477
CVE-2005-1477
PUBLISHED
CVSS 5.099999904632568 MEDIUM
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
EPSS 41.65% · 97.5th percentile
Risk Scores
CVSS 2.0
5.099999904632568
EPSS Score
41.65%
97.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| mozilla | firefox | 1.0.3 |
Timeline
- May 9, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Aug 29, 2023 EPSS Score
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=292691 url
- SCOSA-2005.49 vendor-advisory
- oval:org.mitre.oval:def:9231 vdb
- RHSA-2005:435 vendor-advisory
- 1013913 vdb
- 15292 third-party-advisory
- 15495 vdb
- https://bugzilla.mozilla.org/show_bug.cgi?id=293302 url
- 20050508 Firefox Remote Compromise Technical Details mailing-list
- oval:org.mitre.oval:def:100001 vdb
- 13544 vdb
- http://greyhatsecurity.org/vulntests/ffrc.htm url
- http://www.mozilla.org/security/announce/mfsa2005-42.html url
- mozilla-javascript-code-execution(20443) vdb
- http://greyhatsecurity.org/firefox.htm url
- RHSA-2005:434 vendor-advisory
- ADV-2005-0493 vdb
- VU#648758 third-party-advisory
- 20050508 Firefox Remote Compromise Leaked mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2005-1477 advisory