Vulnerability Description
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 0.8 |
| Mozilla | Mozilla | 1.3 |
| Mozilla | Thunderbird | 0.1 |
References
- http://secunia.com/advisories/16043
- http://secunia.com/advisories/16044
- http://secunia.com/advisories/16059
- http://secunia.com/advisories/19823
- http://www.ciac.org/ciac/bulletins/p-252.shtml
- http://www.debian.org/security/2005/dsa-810
- http://www.mozilla.org/security/announce/mfsa2005-46.htmlPatchVendor Advisory
- http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://www.redhat.com/support/errata/RHSA-2005-586.html
- http://www.redhat.com/support/errata/RHSA-2005-587.html
- http://www.redhat.com/support/errata/RHSA-2005-601.html
- http://www.securityfocus.com/bid/14242
FAQ
What is CVE-2005-2261?
CVE-2005-2261 is a vulnerability with a CVSS score of 7.5 (HIGH). Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attacke...
How severe is CVE-2005-2261?
CVE-2005-2261 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2261?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla, Mozilla Thunderbird.