CVE-2005-2260

The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.mozilla.org/security/announce/mfsa2005-45.html	Patch Vendor Advisory
http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
http://bugzilla.mozilla.org/show_bug.cgi?id=289940
http://www.ciac.org/ciac/bulletins/p-252.shtml
http://www.securityfocus.com/bid/14242
http://secunia.com/advisories/16043
http://secunia.com/advisories/16044
http://secunia.com/advisories/16059
http://www.debian.org/security/2005/dsa-810
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
http://www.redhat.com/support/errata/RHSA-2005-586.html
http://www.redhat.com/support/errata/RHSA-2005-587.html
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.vupen.com/english/advisories/2005/1075
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A742
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1226
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10132
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100013

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:0.10:::::::*
	cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:rc::::::
	cpe:2.3:a:mozilla:mozilla:1.4:::::::*
	cpe:2.3:a:mozilla:mozilla:1.4.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.6:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.6:beta::::::
	cpe:2.3:a:mozilla:mozilla:1.7.7:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.8:::::::*
	cpe:2.3:a:mozilla:firefox:0.8:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.7:rc1::::::
	cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:::::::*
	cpe:2.3:a:mozilla:mozilla:1.5:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.5:rc1::::::
	cpe:2.3:a:mozilla:mozilla:1.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.0:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:beta::::::
	cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.4:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.5.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.2:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:rc2::::::
	cpe:2.3:a:mozilla:mozilla:1.7.3:::::::*
	cpe:2.3:a:mozilla:mozilla:1.5:rc2::::::
	cpe:2.3:a:mozilla:mozilla:1.7.5:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.6:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:rc3::::::
	cpe:2.3:a:mozilla:mozilla:1.6:::::::*

Information

Published : 2005-07-12 21:00

Updated : 2017-10-10 18:30

NVD link : CVE-2005-2260

Mitre link : CVE-2005-2260

JSON object : View

CWE

NVD-CWE-Other

Products Affected

mozilla

firefox
mozilla

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.mozilla.org/security/announce/mfsa2005-45.html", "name": "http://www.mozilla.org/security/announce/mfsa2005-45.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", "name": "http://www.networksecurity.fi/advisories/netscape-multiple-issues.html", "tags": [], "refsource": "MISC"}, {"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=289940", "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=289940", "tags": [], "refsource": "MISC"}, {"url": "http://www.ciac.org/ciac/bulletins/p-252.shtml", "name": "P-252", "tags": [], "refsource": "CIAC"}, {"url": "http://www.securityfocus.com/bid/14242", "name": "14242", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/16043", "name": "16043", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/16044", "name": "16044", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/16059", "name": "16059", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2005/dsa-810", "name": "DSA-810", "tags": [], "refsource": "DEBIAN"}, {"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202", "name": "FLSA:160202", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-586.html", "name": "RHSA-2005:586", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-587.html", "name": "RHSA-2005:587", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html", "name": "SUSE-SA:2005:045", "tags": [], "refsource": "SUSE"}, {"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html", "name": "SUSE-SR:2005:018", "tags": [], "refsource": "SUSE"}, {"url": "http://www.vupen.com/english/advisories/2005/1075", "name": "ADV-2005-1075", "tags": [], "refsource": "VUPEN"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A742", "name": "oval:org.mitre.oval:def:742", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1226", "name": "oval:org.mitre.oval:def:1226", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10132", "name": "oval:org.mitre.oval:def:10132", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100013", "name": "oval:org.mitre.oval:def:100013", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-2260", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-07-13T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:30Z"}

7.5 /10