CVE-2005-1157

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Mozilla; Navigator
Vendor: CVE Published:; 2 May 2005

Summary

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."

References

http://www.redhat.com/support/errata/RHSA-2005-386.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/14992

third-party-advisoryx_refsource_SECUNIA

http://www.mozilla.org/security/announce/mfsa2005-38.html

x_refsource_CONFIRM

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 18, 2005