Remote Code Execution Vulnerability in Firefox and Mozilla Suite
CVE-2005-2704

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Mozilla Suite
Vendor: CVE Published:; 23 September 2005

What is CVE-2005-2704?

A vulnerability in Firefox prior to version 1.0.7 and Mozilla Suite prior to version 1.7.12 allows remote attackers to exploit an issue with XBL controls. By triggering an internal XPCOM interface, these attackers can spoof Document Object Model (DOM) objects, which may lead to unauthorized actions or data exposure in the user's session.

References

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://www.debian.org/security/2005/dsa-868

vendor-advisoryx_refsource_DEBIAN

http://www.vupen.com/english/advisories/2005/1824

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2005
Vulnerability Reserved
Aug 26, 2005