Vulnerability Description
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 0.8 |
| Mozilla | Mozilla | 1.3 |
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=289940
- http://secunia.com/advisories/16043
- http://secunia.com/advisories/16044
- http://secunia.com/advisories/16059
- http://www.ciac.org/ciac/bulletins/p-252.shtml
- http://www.debian.org/security/2005/dsa-810
- http://www.mozilla.org/security/announce/mfsa2005-45.htmlPatchVendor Advisory
- http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
- http://www.redhat.com/support/errata/RHSA-2005-586.html
- http://www.redhat.com/support/errata/RHSA-2005-587.html
- http://www.securityfocus.com/bid/14242
- http://www.vupen.com/english/advisories/2005/1075
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
FAQ
What is CVE-2005-2260?
CVE-2005-2260 is a vulnerability with a CVSS score of 7.5 (HIGH). The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which m...
How severe is CVE-2005-2260?
CVE-2005-2260 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2260?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla.