Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-2265 — Mozilla Firefox vulnerability

12 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

82.0%

top 0.79%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox Mozilla

Timeline

PublishedJul 13

Latest updateMay 1

Description

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/firefox12 versions+11

▶NVDmozilla/mozilla14 versions+13

Patches

Patch: www.mozilla.org ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-5pgg-4c5c-9j5p: Firefox before 1↗2022-05-01

▶

CVEList

CVE-2005-2265: Firefox before 1↗2005-07-13

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Suite/Firefox - InstallVersion->compareTo() Code Execution (Metasploit)↗2010-09-20

▶

Exploit-DB

Mozilla Suite/Firefox < 1.0.5 - compareTo Code Execution (Metasploit)↗2005-07-13

▶

Metasploit

Mozilla Suite/Firefox compareTo() Code Execution↗

▶

📋Vendor Advisories

Ubuntu

Mozilla Thunderbird vulnerabilities↗2005-08-01

▶

Ubuntu

Ubuntu 4.10 update for Firefox vulnerabilities↗2005-07-28

▶

Ubuntu

Mozilla vulnerabilities↗2005-07-27

▶

Ubuntu

Firefox vulnerabilities↗2005-07-21

▶

Red Hat

security flaw↗2005-07-12

▶

💬Community

Bugzilla

CVE-2005-2265 security flaw↗2018-08-16

▶