Detections
Analytics
CVE-2005-2269
high
Description
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
http://www.vupen.com/english/advisories/2005/1075
http://www.securityfocus.com/bid/14242
http://www.redhat.com/support/errata/RHSA-2005-601.html
http://www.redhat.com/support/errata/RHSA-2005-587.html
http://www.redhat.com/support/errata/RHSA-2005-586.html
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
http://www.mozilla.org/security/announce/mfsa2005-55.html
http://www.debian.org/security/2005/dsa-810
http://www.ciac.org/ciac/bulletins/p-252.shtml
http://secunia.com/advisories/19823
http://secunia.com/advisories/16059