CVE-2005-1160

critical

Description

The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017

https://bugzilla.mozilla.org/show_bug.cgi?id=289961

https://bugzilla.mozilla.org/show_bug.cgi?id=289083

https://bugzilla.mozilla.org/show_bug.cgi?id=289074

http://www.securityfocus.com/bid/15495

http://www.securityfocus.com/bid/13233

http://www.redhat.com/support/errata/RHSA-2005-601.html

http://www.redhat.com/support/errata/RHSA-2005-386.html

http://www.redhat.com/support/errata/RHSA-2005-384.html

http://www.redhat.com/support/errata/RHSA-2005-383.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.mozilla.org/security/announce/mfsa2005-41.html

http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml

http://secunia.com/advisories/19823

http://secunia.com/advisories/14992

http://secunia.com/advisories/14938

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical