Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allow remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, and which could then be used to execute malicious script, aka "Firesearching 2."
References
Link | Resource |
---|---|
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt | |
http://secunia.com/advisories/14938 | Patch Vendor Advisory |
http://secunia.com/advisories/14992 | Patch Vendor Advisory |
http://secunia.com/advisories/14996 | Patch Vendor Advisory |
http://www.mikx.de/firesearching/ | Exploit |
http://www.mozilla.org/security/announce/mfsa2005-38.html | Vendor Advisory |
http://www.redhat.com/support/errata/RHSA-2005-383.html | Patch Vendor Advisory |
http://www.redhat.com/support/errata/RHSA-2005-384.html | |
http://www.redhat.com/support/errata/RHSA-2005-386.html | Patch Vendor Advisory |
http://www.securityfocus.com/bid/13211 | Exploit Patch |
http://www.securityfocus.com/bid/15495 | |
https://bugzilla.mozilla.org/show_bug.cgi?id=290037 | Patch |
https://exchange.xforce.ibmcloud.com/vulnerabilities/20125 | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961 | |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2005-04-18T04:00:00
Updated: 2017-10-10T00:57:01
Reserved: 2005-04-18T00:00:00
Link: CVE-2005-1157
NVD Information
Status: Modified
Published: 2005-05-02T04:00:00.000
Modified: 2017-10-11T01:30:03.937
Link: CVE-2005-1157
Redhat Information
No data.