CVSS: 7.5EPSS: 0%CPEs: 35EXPL: 2CVE-2005-1156
https://notcve.org/view.php?id=CVE-2005-1156
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/14938 http://secunia.com/advisories/14992 http://secunia.com/advisories/14996 http://securitytracker.com/id?1013745 http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml http://www.mikx.de/firesearching http://www.mozilla.org/security/announce/mfsa2005-38.html http://www.redhat.com/support/errata/RHSA-2005-383.html http://www.redhat.com/support/errata/RHSA-2005 •
CVSS: 5.0EPSS: 19%CPEs: 11EXPL: 0CVE-2005-1158
https://notcve.org/view.php?id=CVE-2005-1158
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar. • http://secunia.com/advisories/14938 http://www.mozilla.org/security/announce/mfsa2005-39.html http://www.redhat.com/support/errata/RHSA-2005-383.html http://www.securityfocus.com/bid/13231 https://bugzilla.mozilla.org/show_bug.cgi?id=290079 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11734 https://access.redhat.com/security/cve/CVE-2005-1158 https:// •
CVSS: 7.5EPSS: 2%CPEs: 34EXPL: 0CVE-2005-1154
https://notcve.org/view.php?id=CVE-2005-1154
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/14938 http://secunia.com/advisories/14992 http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml http://www.mozilla.org/security/announce/mfsa2005-36.html http://www.redhat.com/support/errata/RHSA-2005-383.html http://www.redhat.com/support/errata/RHSA-2005-384.html http://www.redhat.com/support/errata/RHSA-2005-386.html http://www.securityfocus.com/bid/13230 •
CVSS: 7.5EPSS: 1%CPEs: 34EXPL: 0CVE-2005-1159
https://notcve.org/view.php?id=CVE-2005-1159
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/14938 http://secunia.com/advisories/14992 http://secunia.com/advisories/19823 http://securitytracker.com/id?1013742 http://securitytracker.com/id?1013743 http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml http://www.mozilla.org/security/announce/mfsa2005-40.html http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.redhat.com/support/errata& •
CVSS: 7.5EPSS: 92%CPEs: 34EXPL: 1CVE-2005-1155
https://notcve.org/view.php?id=CVE-2005-1155
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/14938 http://secunia.com/advisories/14992 http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml http://www.kb.cert.org/vuls/id/973309 http://www.mikx.de/firelinking http://www.mozilla.org/security/announce/mfsa2005-37.html http://www.redhat.com/support/errata/RHSA-2005-383.html http://www.redhat.com/support/errata/RHSA-2005-384.html http://www.redha • CWE-94: Improper Control of Generation of Code ('Code Injection') •