The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary JavaScript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.

oval:org.mitre.oval:def:9231

Family: unix
Status: ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
  • CentOS Linux 4
  • Red Hat Enterprise Linux 3
  • CentOS Linux 3
Class: vulnerability
Reference(s):
  • CVE-2005-1477
Product(s):