CVE-2005-0141 - Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "wi

CVE-2005-0141

Summary

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.

References

Vulnerable Configurations

cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:N/A:N

oval via4

accepted

2007-05-09T16:10:50.239-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation

description

family

windows

oval:org.mitre.oval:def:100057

status

accepted

submitted

2005-08-16T12:00:00.000-04:00

title

Mozilla Local File Loading Vulnerability

version

accepted

2013-04-29T04:08:25.321-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:10756

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."

version

redhat via4

advisories

rhsa
id RHSA-2005:323
rhsa
id RHSA-2005:335

rpms

devhelp-0:0.9.2-2.4.3
devhelp-debuginfo-0:0.9.2-2.4.3
devhelp-devel-0:0.9.2-2.4.3
evolution-0:2.0.2-14
evolution-debuginfo-0:2.0.2-14
evolution-devel-0:2.0.2-14

refmap via4

bid	12407
confirm	http://www.mozilla.org/security/announce/mfsa2005-01.html https://bugzilla.mozilla.org/show_bug.cgi?id=249332
xf	mozilla-firefox-file-upload(19168)

Last major update

11-10-2017 - 01:29

Published

02-05-2005 - 04:00

Last modified

11-10-2017 - 01:29