CVE-2005-2269 — Mozilla Firefox vulnerability

9 documents6 sources

Severity

7.5HIGHNVD

EPSS

7.5%

top 8.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla

Timeline

PublishedJul 13

Latest updateMay 1

Description

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmozilla/firefox12 versions+11

▶NVDmozilla/mozilla14 versions+13

Patches

Patch: www.mozilla.org ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-cxw5-72vp-8h54: Firefox before 1↗2022-05-01

▶

CVEList

CVE-2005-2269: Firefox before 1↗2005-07-13

▶

📋Vendor Advisories

Ubuntu

Mozilla Thunderbird vulnerabilities↗2005-08-01

▶

Ubuntu

Ubuntu 4.10 update for Firefox vulnerabilities↗2005-07-28

▶

Ubuntu

Mozilla vulnerabilities↗2005-07-27

▶

Ubuntu

Firefox vulnerabilities↗2005-07-21

▶

Red Hat

security flaw↗2005-07-12

▶

💬Community

Bugzilla

CVE-2005-2269 security flaw↗2018-08-16

▶