CVE-2005-1156
published 2005-05-02
CVE-2005-1156: Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using…
Priority P333 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS 2.34% (81.5th percentile)
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| netscape | navigator | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
Ubuntu
Ubuntu 4.10 update for Firefox vulnerabilities
vendor_ubuntu·2005-07-28
CVE-2004-1156 Ubuntu 4.10 update for Firefox vulnerabilities
Title: Ubuntu 4.10 update for Firefox vulnerabilities
Summary: Ubuntu 4.10 update for Firefox vulnerabilities
USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary
Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10
(Warty Warthog) is also vulnerable to these flaws, so it needs to be
upgraded as well. Please see
http://www.ubuntulinux.org/support/documentation/usn/usn-149-1
for the original advisory.
This update also fixes several older vulnerabilities; some of them
could be exploited to execute arbitrary code with full user privileges
if the user visited a malicious web site. (MFSA-2005-01 to
MFSA-2005-44; please see the following web site for details:
http://www.mozilla.org/projects/security/known-vulnerabilities.html)
Instructions: In general, a standard sy
Ubuntu
Mozilla and Firefox vulnerabilities
vendor_ubuntu·2005-05-11
CVE-2005-1155 Mozilla and Firefox vulnerabilities
Title: Mozilla and Firefox vulnerabilities
Summary: Mozilla and Firefox vulnerabilities
When a popup is blocked the user is given the ability to open that
popup through the popup-blocking status bar icon and, in Firefox,
through the information bar. Doron Rosenberg noticed that popups
which are permitted by the user were executed with elevated
privileges, which could be abused to automatically install and execute
arbitrary code with the privileges of the user. (CAN-2005-1153)
It was discovered that the browser did not start with a clean global
JavaScript state for each new website. This allowed a malicious web
page to define a global variable known to be used by a different site,
allowing malicious code to be executed in the context of that site
(for example, sending web mail or automat
Red Hat
security flaw
vendor_redhat·2005-04-15·CVSS 7.5
CVE-2005-1156 [HIGH] security flaw
security flaw
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
GHSA
GHSA-p7cq-vpx5-5pp5: Firefox before 1
ghsa_unreviewed·2022-05-03
CVE-2005-1156 [HIGH] GHSA-p7cq-vpx5-5pp5: Firefox before 1
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
No detection rules found.
No public exploits indexed.
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://secunia.com/advisories/14938
http://secunia.com/advisories/14992
http://secunia.com/advisories/14996
http://securitytracker.com/id?1013745
http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml
http://www.mikx.de/firesearching/
http://www.mozilla.org/security/announce/mfsa2005-38.html
http://www.redhat.com/support/errata/RHSA-2005-383.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
http://www.redhat.com/support/errata/RHSA-2005-386.html
http://www.securityfocus.com/bid/13211
http://www.securityfocus.com/bid/15495
https://bugzilla.mozilla.org/show_bug.cgi?id=290037
https://exchange.xforce.ibmcloud.com/vulnerabilities/20125
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230