LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

mozilla firefox: javascript vulnerabilities

Package(s):mozilla firefox CVE #(s):CAN-2005-1531 CAN-2005-1532
Created:June 9, 2005 Updated:July 19, 2005
Description: Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript.

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CAN-2005-1160.

Alerts:
Fedora-Legacy FLSA:158149 2005-07-15
SuSE SUSE-SA:2005:030 2005-06-09
(Log in to post comments)

mozilla firefox: javascript vulnerabilities

Posted Jul 28, 2005 7:57 UTC (Thu) by mjc@redhat.com (guest, #2303) [Link]

Fixed by RHSA-2005:434 2005-05-23

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds