Remote Code Execution Vulnerability in Firefox and Mozilla Products
CVE-2005-2706

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Mozilla Suite
Vendor: CVE Published:; 23 September 2005

Summary

A security vulnerability in Firefox versions prior to 1.0.7 and Mozilla Suite versions prior to 1.7.12 enables remote attackers to execute arbitrary JavaScript with elevated privileges. This exploit can be triggered through specially crafted 'about:' pages, such as about:mozilla, leading to potential unauthorized actions on the user's system. Users of these outdated browser versions are strongly encouraged to update to the latest releases to mitigate this risk.

References

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRIVA

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.debian.org/security/2005/dsa-868

vendor-advisoryx_refsource_DEBIAN

Timeline

Vulnerability published
Sep 23, 2005
Vulnerability Reserved
Aug 26, 2005