CVE-2005-0150 — Mozilla Firefox vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

1.4%

top 19.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedMay 26

Latest updateMay 1

Description

Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox8 versions+7

Patches

Patch: www.mozilla.org ↗Patch: bugzilla.mozilla.org ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-xrx5-vc96-3g46: Firefox before 1↗2022-05-01

▶

📋Vendor Advisories

Ubuntu

Ubuntu 4.10 update for Firefox vulnerabilities↗2005-07-28

▶