Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0989 — Mozilla Firefox vulnerability

10 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

25.3%

top 3.79%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox Mozilla Netscape Navigator

Timeline

PublishedMay 2

Latest updateMay 3

Description

The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/firefox1.0.1, 1.0.2+1

▶NVDmozilla/mozilla1.7.6

▶NVDnetscape/navigator7.2

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: www.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-fm33-hrc3-jr7v: The find_replen function in jsstr↗2022-05-03

▶

CVEList

CVE-2005-0989: The find_replen function in jsstr↗2005-04-06

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Suite/Firefox - JavaScript Lambda Replace Heap Memory Disclosure↗2005-04-04

▶

📋Vendor Advisories

Ubuntu

Mozilla Thunderbird vulnerabilities↗2005-08-01

▶

Ubuntu

Ubuntu 4.10 update for Firefox vulnerabilities↗2005-07-28

▶

Red Hat

security flaw↗2005-04-15

▶

💬Community

Bugzilla

CVE-2005-0989 security flaw↗2018-08-16

▶

Bugzilla

CAN-2005-0752 Multiple firefox issues. (CAN-2005-0989)↗2005-04-16

▶