CVE-2005-1532

Firefox <1.0.4 & Mozilla Suite <1.7.8 - Privilege Escalation


Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1532. PoCs published by moz_bug_r_a4.

AI-analyzed exploit summary: This exploit leverages a DOM property verification flaw in Mozilla Firefox and Mozilla Suite to execute arbitrary JavaScript with chrome privileges. The PoC demonstrates code execution by triggering a custom event or XUL element interaction, bypassing security checks.

Description

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.

Exploits (1)

exploitdb WORKING POC VERIFIED
by moz_bug_r_a4 · html · remote · multiple
https://www.exploit-db.com/exploits/25670

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Mozilla Firefox 1.0.3, Mozilla Suite 1.7.7
Authentication: none needed
Prerequisites: User interaction (clicking or event dispatch) · Vulnerable browser version
devstral-2 · analyzed Feb 18, 2026

References (14)

Core References
Various Sources x_refsource_confirm
http://www.mozilla.org/security/announce/mfsa2005-44.html
Various Sources vendor-advisory x_refsource_sco
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-435.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19823
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1013964
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15495
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-601.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1013965
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13645
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/0530
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_04_25.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-434.html

Scores

EPSS 0.0947
EPSS Percentile 94.8%

Details

CWE: CWE-264
Status: published
Products (24)
mozilla/firefox 0.8
mozilla/firefox 0.9 (2 CPE variants)
mozilla/firefox 0.9.1
mozilla/firefox 0.9.2
mozilla/firefox 0.9.3
mozilla/firefox 0.10
mozilla/firefox 0.10.1
mozilla/firefox 1.0
mozilla/firefox 1.0.1
mozilla/firefox 1.0.2
... and 14 more
Published May 12, 2005
Tracked Since Feb 18, 2026