Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2005-1477 — Cross-site Scripting in Mozilla Firefox
9 documents, 5 sources
Severity
5.1 MEDIUM (NVD)
EPSS
41.6%
top 2.57%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: May 9
Latest update: May 3
Description
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary JavaScript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
CVSS vector
AV:N/AC:H/C:P/I:P/A:P
Exploitability: 4.9 | Impact: 6.4