CVE-2005-0591 - OpenCVE

Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Firefox

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox:0.8:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:rc::::::
	cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
	cpe:2.3:a:mozilla:firefox:0.10:::::::*
	cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.0:::::::*

References

Link	Resource
http://marc.info/?l=bugtraq&m=110547286002188&w=2
http://secunia.com/advisories/13786
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml	Patch Vendor Advisory
http://www.mikx.de/firespoofing/	Exploit
http://www.mikx.de/index.php?p=7	Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-16.html
http://www.redhat.com/support/errata/RHSA-2005-176.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
http://www.securityfocus.com/bid/12234
https://bugzilla.mozilla.org/show_bug.cgi?id=260560	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/18864
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10039

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2005-02-28T05:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2005-02-28T00:00:00

Link: CVE-2005-0591

JSON object: View

NVD Information

Status : Modified

Published: 2005-05-02T04:00:00.000

Modified: 2017-10-11T01:29:58.560

Link: CVE-2005-0591

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-01-11T00:00:00", "descriptions": [{"lang": "en", "value": "Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka \"Firespoofing.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/mfsa2005-16.html"}, {"name": "web-browser-modal-spoofing(18864)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18864"}, {"name": "13786", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/13786"}, {"tags": ["x_refsource_MISC"], "url": "http://www.mikx.de/firespoofing/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=260560"}, {"name": "20050111 Firespoofing [Firefox 1.0]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=110547286002188&w=2"}, {"name": "12234", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/12234"}, {"name": "RHSA-2005:176", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"}, {"name": "oval:org.mitre.oval:def:100042", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100042"}, {"name": "RHSA-2005:384", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"}, {"name": "GLSA-200503-30", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"}, {"name": "oval:org.mitre.oval:def:10039", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10039"}, {"name": "GLSA-200503-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"}, {"tags": ["x_refsource_MISC"], "url": "http://www.mikx.de/index.php?p=7"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-0591", "datePublished": "2005-02-28T05:00:00", "dateReserved": "2005-02-28T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "010B34F4-910E-4515-990B-8E72DF009578", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka \"Firespoofing.\""}], "id": "CVE-2005-0591", "lastModified": "2017-10-11T01:29:58.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2005-05-02T04:00:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=110547286002188&w=2"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/13786"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.mikx.de/firespoofing/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.mikx.de/index.php?p=7"}, {"source": "secalert@redhat.com", "url": "http://www.mozilla.org/security/announce/mfsa2005-16.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/12234"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=260560"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18864"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100042"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10039"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}