cbcvebase.
CVE-2005-1157
published 2005-05-02

CVE-2005-1157: Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using…

PriorityP429high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.46%
82.4th percentile
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."

Affected

23 ranges
VendorProductVersion rangeFixed in
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillamozilla
mozillamozilla
mozillamozilla
mozillamozilla
mozillamozilla
mozillamozilla
mozillamozilla
mozillamozilla
mozillamozilla
mozillamozilla
mozillamozilla
mozillamozilla
netscapenavigator

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.