CVE-2005-2269 - OpenCVE

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Mozilla Firefox

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox:0.8:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:rc::::::
	cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
	cpe:2.3:a:mozilla:firefox:0.10:::::::*
	cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.0:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
	cpe:2.3:a:mozilla:mozilla:1.3:::::::*
	cpe:2.3:a:mozilla:mozilla:1.4:::::::*
	cpe:2.3:a:mozilla:mozilla:1.4:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.4.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.5:::::::*
	cpe:2.3:a:mozilla:mozilla:1.5:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.5:rc1::::::
	cpe:2.3:a:mozilla:mozilla:1.5:rc2::::::
	cpe:2.3:a:mozilla:mozilla:1.5.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.6:::::::*
	cpe:2.3:a:mozilla:mozilla:1.6:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.6:beta::::::
	cpe:2.3:a:mozilla:mozilla:1.7:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.7:beta::::::
	cpe:2.3:a:mozilla:mozilla:1.7:rc1::::::
	cpe:2.3:a:mozilla:mozilla:1.7:rc2::::::
	cpe:2.3:a:mozilla:mozilla:1.7:rc3::::::
	cpe:2.3:a:mozilla:mozilla:1.7.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.2:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.3:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.5:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.6:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.7:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.8:::::::*

References

Link	Resource
http://secunia.com/advisories/16043
http://secunia.com/advisories/16044
http://secunia.com/advisories/16059
http://secunia.com/advisories/19823
http://www.ciac.org/ciac/bulletins/p-252.shtml
http://www.debian.org/security/2005/dsa-810
http://www.mozilla.org/security/announce/mfsa2005-55.html	Patch Vendor Advisory
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.redhat.com/support/errata/RHSA-2005-586.html
http://www.redhat.com/support/errata/RHSA-2005-587.html
http://www.redhat.com/support/errata/RHSA-2005-601.html
http://www.securityfocus.com/bid/14242
http://www.vupen.com/english/advisories/2005/1075
https://bugzilla.mozilla.org/show_bug.cgi?id=298892	Exploit Vendor Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777