Vulnerability Description
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 0.8 |
| Mozilla | Mozilla | 1.3 |
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
- http://secunia.com/advisories/14938PatchVendor Advisory
- http://secunia.com/advisories/14992PatchVendor Advisory
- http://secunia.com/advisories/19823
- http://www.gentoo.org/security/en/glsa/glsa-200504-18.xmlPatchVendor Advisory
- http://www.mozilla.org/security/announce/mfsa2005-41.htmlVendor Advisory
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://www.redhat.com/support/errata/RHSA-2005-383.htmlPatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-384.html
- http://www.redhat.com/support/errata/RHSA-2005-386.htmlPatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-601.html
- http://www.securityfocus.com/bid/13233
- http://www.securityfocus.com/bid/15495
- https://bugzilla.mozilla.org/show_bug.cgi?id=289074Patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=289083Patch
FAQ
What is CVE-2005-1160?
CVE-2005-1160 is a vulnerability with a CVSS score of 5.1 (MEDIUM). The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstra...
How severe is CVE-2005-1160?
CVE-2005-1160 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1160?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla.