Vulnerability Description
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 0.8 |
| Mozilla | Mozilla | 1.3 |
References
- http://secunia.com/advisories/16043
- http://secunia.com/advisories/16044
- http://secunia.com/advisories/16059
- http://secunia.com/advisories/19823
- http://www.ciac.org/ciac/bulletins/p-252.shtml
- http://www.debian.org/security/2005/dsa-810
- http://www.mozilla.org/security/announce/mfsa2005-55.htmlPatchVendor Advisory
- http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://www.redhat.com/support/errata/RHSA-2005-586.html
- http://www.redhat.com/support/errata/RHSA-2005-587.html
- http://www.redhat.com/support/errata/RHSA-2005-601.html
- http://www.securityfocus.com/bid/14242
FAQ
What is CVE-2005-2269?
CVE-2005-2269 is a vulnerability with a CVSS score of 7.5 (HIGH). Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to ...
How severe is CVE-2005-2269?
CVE-2005-2269 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2269?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla.