Vulnerability Details : CVE-2005-1160
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.
Products affected by CVE-2005-1160
- cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-1160
4.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-1160
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
References for CVE-2005-1160
-
https://bugzilla.mozilla.org/show_bug.cgi?id=289074
Patch
-
http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml
Patch;Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2005-386.html
Patch;Vendor Advisory
-
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
-
http://www.novell.com/linux/security/advisories/2006_04_25.html
404 Page Not Found | SUSE
-
http://secunia.com/advisories/19823
About Secunia Research | Flexera
-
http://secunia.com/advisories/14992
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/15495
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291
-
http://www.securityfocus.com/bid/13233
-
http://www.redhat.com/support/errata/RHSA-2005-384.html
Support
-
https://bugzilla.mozilla.org/show_bug.cgi?id=289083
Patch
-
http://www.redhat.com/support/errata/RHSA-2005-601.html
-
https://bugzilla.mozilla.org/show_bug.cgi?id=289961
Patch
-
http://www.redhat.com/support/errata/RHSA-2005-383.html
SupportPatch;Vendor Advisory
-
http://www.mozilla.org/security/announce/mfsa2005-41.html
Vendor Advisory
-
http://secunia.com/advisories/14938
About Secunia Research | FlexeraPatch;Vendor Advisory
Jump to