PT-2005-2171 · Mozilla+1 · Firefox+2

Michael Krax

Published

2005-04-18

Updated

2017-10-11

CVE-2005-1155

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 1.0.3 Mozilla Suite versions prior to 1.7.7

Description The issue allows remote attackers to execute arbitrary code via a tag with a javascript: URL in the href attribute. This is related to the favicon functionality.

Recommendations For Firefox versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. For Mozilla Suite versions prior to 1.7.7, update to version 1.7.7 or later to resolve the issue.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2005-1155

RHSA-2005:383

RHSA-2005:386

RHSA-2005_383

RHSA-2005_384

RHSA-2005_386

Affected Products

Firefox

Suite

Red Hat

PT-2005-2171 · Mozilla+1 · Firefox+2

CVE-2005-1155

Weakness Enumeration

Related Identifiers

Affected Products

References · 67