CVE-2005-3089 — Mozilla Firefox vulnerability

4 documents4 sources

Severity

2.6LOWNVD

EPSS

0.7%

top 27.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedSep 28

Latest updateMay 1

Description

Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox7 versions+6

Patches

Patch: securitytracker.com ↗Patch: www.mozilla.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-p364-qwq2-fh4v: Firefox 1↗2022-05-01

▶

📋Vendor Advisories

Red Hat

security flaw↗2005-07-25

▶

💬Community

Bugzilla

CVE-2005-3089 security flaw↗2018-08-16

▶