CVE-2005-1157 — Mozilla Firefox vulnerability

7 documents6 sources

Severity

7.5HIGHNVD

EPSS

8.7%

top 7.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Netscape Navigator

Timeline

PublishedMay 2

Latest updateMay 3

Description

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDmozilla/firefox10 versions+9

▶NVDmozilla/mozilla12 versions+11

▶NVDnetscape/navigator7.2

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-8hfq-wv6x-73v6: Firefox before 1↗2022-05-03

▶

CVEList

CVE-2005-1157: Firefox before 1↗2005-04-18

▶

📋Vendor Advisories

Ubuntu

Ubuntu 4.10 update for Firefox vulnerabilities↗2005-07-28

▶

Ubuntu

Mozilla and Firefox vulnerabilities↗2005-05-11

▶

Red Hat

security flaw↗2005-04-15

▶

💬Community

Bugzilla

CVE-2005-1157 security flaw↗2018-08-16

▶