CVE-2005-0989
published 2005-05-02
Priority: P4 | 25 | medium | 5 | CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 10.04% (95.0th percentile)
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | mozilla | — | — |
| netscape | navigator | — | — |
CVSS provenance
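| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | | 5.0 | MEDIUM | |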
Ubuntu
Mozilla Thunderbird vulnerabilities
vendor_ubuntu·2005-08-01
CVE-2005-2353 Mozilla Thunderbird vulnerabilities
Vladimir V. Perepelitsa discovered a bug in Thunderbird's handling of anonymous functions during regular expression string replacement. A malicious HTML email could exploit this to capture a random block of client memory. (CAN-2005-0989)

Georgi Guninski discovered that the types of certain XPInstall related JavaScript objects were not sufficiently validated when they were called. This could be exploited by malicious HTML email content to crash Thunderbird or even execute arbitrary code with the privileges of the user. (CAN-2005-1159)

Thunderbird did not properly verify the values of XML DOM nodes. By tricking the user into performing a common action like clicking on a link or opening the context menu, a
Ubuntu
Ubuntu 4.10 update for Firefox vulnerabilities
vendor_ubuntu·2005-07-28
CVE-2004-1156 Ubuntu 4.10 update for Firefox vulnerabilities
USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10 (Warty Warthog) is also vulnerable to these flaws, so it needs to be upgraded as well. Please see http://www.ubuntulinux.org/support/documentation/usn/usn-149-1 for the original advisory.

This update also fixes several older vulnerabilities; some of them could be exploited to execute arbitrary code with full user privileges if the user visited a malicious web site. (MFSA-2005-01 to MFSA-2005-44; please see the following web site for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html)

Instructions: In general, a standard sy
Red Hat
security flaw
vendor_redhat·2005-04-15·CVSS 5.0
CVE-2005-0989 [MEDIUM] security flaw
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
GHSA
GHSA-fm33-hrc3-jr7v: The find_replen function in jsstr
ghsa_unreviewed·2022-05-03
CVE-2005-0989 [MEDIUM] GHSA-fm33-hrc3-jr7v: The find_replen function in jsstr
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
No detection rules found.
Bugzilla
CVE-2005-0989 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2005-0989 [MEDIUM] CVE-2005-0989 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
Bugzilla
CAN-2005-0752 Multiple firefox issues. (CAN-2005-0989)
bugzilla·2005-04-16
[HIGH] CAN-2005-0752 Multiple firefox issues. (CAN-2005-0989)
Firefox 1.0.3 has been released. The following issues have been fixed
http://www.mozilla.org/projects/security/known-vulnerabilities.html
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
CAN-2005-0989
MFSA 2005-34 javascript: PLUGINSPAGE code execution
CAN-2005-0752
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides
I'll fill in the rest of the CVE
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://secunia.com/advisories/14820
http://secunia.com/advisories/14821
http://secunia.com/advisories/19823
http://securitytracker.com/id?1013635
http://securitytracker.com/id?1013643
http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml
http://www.mozilla.org/security/announce/mfsa2005-33.html
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.redhat.com/support/errata/RHSA-2005-383.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
http://www.redhat.com/support/errata/RHSA-2005-386.html
http://www.redhat.com/support/errata/RHSA-2005-601.html
http://www.securityfocus.com/bid/12988
http://www.securityfocus.com/bid/15495
https://bugzilla.mozilla.org/show_bug.cgi?id=288688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706