Vulnerability Description
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 0.8 |
| Mozilla | Mozilla | <= 1.4 |
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
- http://securitytracker.com/id?1013962
- http://securitytracker.com/id?1013963
- http://www.mozilla.org/security/announce/mfsa2005-43.htmlPatch
- http://www.redhat.com/support/errata/RHSA-2005-434.html
- http://www.redhat.com/support/errata/RHSA-2005-435.html
- http://www.securityfocus.com/bid/13641
- http://www.securityfocus.com/bid/15495
- http://www.vupen.com/english/advisories/2005/0530
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
- http://securitytracker.com/id?1013962
- http://securitytracker.com/id?1013963
- http://www.mozilla.org/security/announce/mfsa2005-43.htmlPatch
FAQ
What is CVE-2005-1531?
CVE-2005-1531 is a vulnerability with a CVSS score of 7.5 (HIGH). Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: ...
How severe is CVE-2005-1531?
CVE-2005-1531 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1531?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla.