Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-2262 — Mozilla Firefox vulnerability

6 documents6 sources

Severity

5.1MEDIUMNVD

EPSS

16.0%

top 5.21%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox

Timeline

PublishedJul 13

Latest updateMay 1

Description

Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/firefox1.0.3, 1.0.4+1

🔴Vulnerability Details

GHSA

GHSA-hhwp-x6c3-m33w: Firefox 1↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Firefox 1.0.4 - 'Set As Wallpaper' Code Execution↗2005-07-13

▶

📋Vendor Advisories

Ubuntu

Ubuntu 4.10 update for Firefox vulnerabilities↗2005-07-28

▶

Red Hat

security flaw↗2005-07-12

▶

💬Community

Bugzilla

CVE-2005-2262 security flaw↗2018-08-16

▶