Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1532 — Failure to Handle Incomplete Element in Mozilla Firefox

CWE-239 — Failure to Handle Incomplete Element11 documents8 sources

Severity

7.5HIGHNVD

CNA5.1

EPSS

17.4%

top 4.92%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox Mozilla

Timeline

PublishedMay 12

Latest updateMay 3

Description

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmozilla/firefox11 versions+10

▶NVDmozilla/mozilla13 versions+12

🔴Vulnerability Details

GHSA

GHSA-ffv2-fj33-mvch: Firefox before 1↗2022-05-03

▶

CVEList

CVE-2005-1532: Firefox before 1↗2005-05-12

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Suite And Firefox - DOM Property Overrides Code Execution↗2005-05-16

▶

📋Vendor Advisories

Ubuntu

Mozilla Thunderbird vulnerabilities↗2005-08-01

▶

Ubuntu

Ubuntu 4.10 update for Firefox vulnerabilities↗2005-07-28

▶

Ubuntu

Mozilla vulnerabilities↗2005-07-27

▶

Ubuntu

Firefox vulnerabilities↗2005-05-27

▶

Red Hat

security flaw↗2005-05-18

▶

📐Framework References

CWE

Failure to Handle Incomplete Element↗

▶

💬Community

Bugzilla

CVE-2005-1532 security flaw↗2018-08-16

▶