Vulnerability Details : CVE-2005-2269
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").
Exploit prediction scoring system (EPSS) score for CVE-2005-2269
Probability of exploitation activity in the next 30 days: 10.43%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2005-2269
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2005-2269
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
- http://www.ciac.org/ciac/bulletins/p-252.shtml
-
http://www.novell.com/linux/security/advisories/2005_18_sr.html
404 Page Not Found | SUSE
-
http://www.novell.com/linux/security/advisories/2006_04_25.html
404 Page Not Found | SUSE
- http://www.debian.org/security/2005/dsa-810
- http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
- http://www.vupen.com/english/advisories/2005/1075
- http://www.redhat.com/support/errata/RHSA-2005-587.html
-
http://www.mozilla.org/security/announce/mfsa2005-55.html
Patch;Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-586.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005
- http://www.redhat.com/support/errata/RHSA-2005-601.html
-
https://bugzilla.mozilla.org/show_bug.cgi?id=298892
Exploit;Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777
- http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729
-
http://www.securityfocus.com/bid/14242
Mozilla Suite, Firefox And Thunderbird Multiple Vulnerabilities
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004
Products affected by CVE-2005-2269
- cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*