Vulnerability Description
Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Greasemonkey | Greasemonkey | 0.3.3 |
References
- http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.htmlPatch
- http://greasemonkey.mozdev.org/changes/0.3.5.htmlPatch
- http://mozdev.org/pipermail/greasemonkey/2005-July/004000.htmlExploit
- http://mozdev.org/pipermail/greasemonkey/2005-July/004022.html
- http://secunia.com/advisories/16128PatchVendor Advisory
- http://securitytracker.com/id?1014529ExploitPatch
- http://www.osvdb.org/18154
- http://www.securiteam.com/securitynews/5CP0P20GBK.htmlExploitPatch
- http://www.securityfocus.com/bid/14336ExploitPatch
- http://www.vupen.com/english/advisories/2005/1147
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21453
- http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.htmlPatch
- http://greasemonkey.mozdev.org/changes/0.3.5.htmlPatch
- http://mozdev.org/pipermail/greasemonkey/2005-July/004000.htmlExploit
- http://mozdev.org/pipermail/greasemonkey/2005-July/004022.html
FAQ
What is CVE-2005-2455?
CVE-2005-2455 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, o...
How severe is CVE-2005-2455?
CVE-2005-2455 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2455?
Check the references section above for vendor advisories and patch information. Affected products include: Greasemonkey Greasemonkey.