CVE-2005-2706

Description

Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.

Affected products

• Mozilla / Firefox1.0.6
• Mozilla / Firefox1.0 – 1.0
• Mozilla / Firefox1.0.1 – 1.0.1
• Mozilla / Firefox1.0.2 – 1.0.2
• Mozilla / Firefox1.0.3 – 1.0.3
• Mozilla / Firefox1.0.4 – 1.0.4
• Mozilla / Firefox1.0.5 – 1.0.5
• Mozilla / mozilla_suite1.7.11
• Mozilla / mozilla_suite1.7.6 – 1.7.6
• Mozilla / mozilla_suite1.7.7 – 1.7.7
• Mozilla / mozilla_suite1.7.8 – 1.7.8
• Mozilla / mozilla_suite1.7.10 – 1.7.10

References

• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:169
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1443
• VENDOR_ADVISORYhttp://www.debian.org/security/2005/dsa-868
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2005/1824
• MISChttp://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
• MISCftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
• MISChttp://www.securityfocus.com/bid/14920
• VENDOR_ADVISORYhttp://secunia.com/advisories/19823
• MISChttp://www.securityfocus.com/bid/15495
• MISChttp://securitytracker.com/id?1014954
• MISChttp://www.redhat.com/support/errata/RHSA-2005-789.html
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11317
• VENDOR_ADVISORYhttp://secunia.com/advisories/17026
• MISChttp://www.osvdb.org/19648
• MISChttp://www.redhat.com/support/errata/RHSA-2005-791.html
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/usn-200-1
• VENDOR_ADVISORYhttp://secunia.com/advisories/17042
• VENDOR_ADVISORYhttp://www.debian.org/security/2005/dsa-866
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/22378
• MISChttp://www.mozilla.org/security/announce/mfsa2005-58.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/17284
• VENDOR_ADVISORYhttp://secunia.com/advisories/17149
• VENDOR_ADVISORYhttp://secunia.com/advisories/17263
• VENDOR_ADVISORYhttp://secunia.com/advisories/16917
• VENDOR_ADVISORYhttp://www.debian.org/security/2005/dsa-838
• VENDOR_ADVISORYhttp://secunia.com/advisories/17014
• MISChttp://www.redhat.com/support/errata/RHSA-2005-785.html
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2005_58_mozilla.html
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2006_04_25.html
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:174
• VENDOR_ADVISORYhttp://secunia.com/advisories/17090
• VENDOR_ADVISORYhttp://secunia.com/advisories/16911
• VENDOR_ADVISORYhttp://secunia.com/advisories/16977
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:170