CVE-2005-1532

Firefox <1.0.4 & Mozilla Suite <1.7.8 - Privilege Escalation

Title source: llm

Description

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.

Exploits (1)

exploitdb WORKING POC VERIFIED

by moz_bug_r_a4 · htmlremotemultiple

https://www.exploit-db.com/exploits/25670

View Code ZIP pw:eip

References (14)

[Various Sources] http://www.mozilla.org/security/announce/mfsa2005-44.html

[Various Sources] ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2005-435.html

[Third Party Advisory] http://secunia.com/advisories/19823

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1013964

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/15495

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2005-601.html

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1013965

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/13645

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/0530

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2006_04_25.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2005-434.html

Scores

EPSS 0.1743

EPSS Percentile 95.1%

Details

CWE

CWE-264

Status published

Products (24)

mozilla/firefox 0.8

mozilla/firefox 0.9 (2 CPE variants)

mozilla/firefox 0.9.1

mozilla/firefox 0.9.2

mozilla/firefox 0.9.3

mozilla/firefox 0.10

mozilla/firefox 0.10.1

mozilla/firefox 1.0

mozilla/firefox 1.0.1

mozilla/firefox 1.0.2

... and 14 more

Published May 12, 2005

Tracked Since Feb 18, 2026