CVE-2005-1157 Information

Description

Firefox before 1.0.3 Mozilla Suite before 1.7.7 and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine which may not be displayed in the GUI which could then be used to execute malicious script aka \Firesearching 2.\

Reference

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/14938 http://secunia.com/advisories/14992 http://secunia.com/advisories/14996 http://www.mikx.de/firesearching/ http://www.mozilla.org/security/announce/mfsa2005-38.html http://www.redhat.com/support/errata/RHSA-2005-383.html http://www.redhat.com/support/errata/RHSA-2005-384.html http://www.redhat.com/support/errata/RHSA-2005-386.html http://www.securityfocus.com/bid/13211 http://www.securityfocus.com/bid/15495 https://bugzilla.mozilla.org/show_bug.cgi?id=290037 https://exchange.xforce.ibmcloud.com/vulnerabilities/20125 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9961