CVE-2005-2267 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation9 documents5 sources

Severity

7.5HIGHNVD

NVD2.6

EPSS

5.0%

top 10.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedJul 13

Latest updateMay 1

Description

Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/firefox2.0.0.15+62

🔴Vulnerability Details

GHSA

GHSA-r48x-q8w9-w765: Firefox before 1↗2022-05-01

▶

GHSA

GHSA-9wm7-g493-2j99: Mozilla Firefox before 2↗2022-05-01

▶

📋Vendor Advisories

Red Hat

Firefox command line URL launches multi-tabs↗2008-07-15

▶

Ubuntu

Ubuntu 4.10 update for Firefox vulnerabilities↗2005-07-28

▶

Ubuntu

Firefox vulnerabilities↗2005-07-21

▶

Red Hat

security flaw↗2005-07-12

▶

💬Community

Bugzilla

CVE-2005-2267 security flaw↗2018-08-16

▶