CVE-2005-2262

Firefox 1.0.3-1.0.4 & Netscape 8.0.2 - RCE

Title source: llm

Description

Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Michael Krax · htmlremotewindows

https://www.exploit-db.com/exploits/1102

View Code ZIP pw:eip

References (14)

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2005_18_sr.html

[Various Sources] http://www.mikx.de/firewalling/

[Third Party Advisory, US Government Resource] http://www.ciac.org/ciac/bulletins/p-252.shtml

[Various Sources] http://www.securiteam.com/securitynews/5ZP0E0UGAK.html

[Third Party Advisory] http://secunia.com/advisories/16044

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11097

[Various Sources] http://www.mozilla.org/security/announce/mfsa2005-47.html

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/1075

[Various Sources] http://www.networksecurity.fi/advisories/netscape-multiple-issues.html

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2005_45_mozilla.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/14242

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2005-586.html

[Third Party Advisory] http://secunia.com/advisories/16043

Scores

EPSS 0.1600

EPSS Percentile 94.8%

Details

Status published

Products (2)

mozilla/firefox 1.0.3

mozilla/firefox 1.0.4

Published Jul 13, 2005

Tracked Since Feb 18, 2026