|
|
Subscribe / Log in / New account

mozilla firefox: javascript vulnerabilities

Package(s):mozilla firefox CVE #(s):CAN-2005-1531 CAN-2005-1532
Created:June 9, 2005 Updated:July 19, 2005
Description: Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript.

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CAN-2005-1160.

Alerts:
Fedora-Legacy FLSA:158149 mozilla 2005-07-15
SuSE SUSE-SA:2005:030 MozillaFirefox 2005-06-09
to post comments

mozilla firefox: javascript vulnerabilities

Posted Jul 28, 2005 7:57 UTC (Thu) by mjc@redhat.com (guest, #2303) [Link]

Fixed by RHSA-2005:434 2005-05-23


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds