CVE-2005-0150

Sažetak

Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.

Reference

http://www.mozilla.org/security/announce/mfsa2005-12.html
http://www.securityfocus.com/bid/12407
https://bugzilla.mozilla.org/show_bug.cgi?id=265668
https://exchange.xforce.ibmcloud.com/vulnerabilities/19187
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100046

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

26-05-2005 - 04:00