Remote Code Execution Vulnerability in Firefox and Mozilla Products
CVE-2005-1157

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Mozilla; Navigator
Vendor: CVE Published:; 2 May 2005

Summary

A vulnerability exists in Firefox versions before 1.0.3, Mozilla Suite prior to 1.7.7, and Netscape 7.2 that allows remote attackers to exploit search plugin functionality. By leveraging the sidebar.addSearchEngine method, attackers can replace legitimate search plugins with malicious ones, potentially executing scripts while remaining undetected in the GUI. This security flaw could compromise user data and control over browser functionalities.

References

http://www.redhat.com/support/errata/RHSA-2005-386.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/14992

third-party-advisoryx_refsource_SECUNIA

http://www.mozilla.org/security/announce/mfsa2005-38.html

x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 18, 2005