VDB
CVE-2005-2968
CVE-2005-2968
PUBLISHED
CVSS 7.5 HIGH
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
EPSS 45.89% · 97.7th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
45.89%
97.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mozilla | mozilla | 1.7.10 |
| n/a | n/a | n/a |
| mozilla | firefox | 1.0.6 |
Timeline
- Sep 20, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- DSA-868 vendor-advisory
- ADV-2005-1824 vdb
- SCOSA-2005.49 vendor-advisory
- 14888 vdb
- 15495 vdb
- https://bugzilla.mozilla.org/show_bug.cgi?id=307185 url
- USN-186-2 vendor-advisory
- 16869 third-party-advisory
- RHSA-2005:791 vendor-advisory
- USN-200-1 vendor-advisory
- 17042 third-party-advisory
- DSA-866 vendor-advisory
- http://www.mozilla.org/security/announce/mfsa2005-58.html url
- 17284 third-party-advisory
- 17149 third-party-advisory
- 17263 third-party-advisory
- oval:org.mitre.oval:def:11105 vdb
- VU#914681 third-party-advisory
- RHSA-2005:785 vendor-advisory
- USN-186-1 vendor-advisory
…and 4 more