CVE-2005-1160 Information

Description

The privileged \chrome\ UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes as demonstrated using multiple attacks involving the eval function or the Script object.

Reference

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/14938 http://secunia.com/advisories/14992 http://secunia.com/advisories/19823 http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml http://www.mozilla.org/security/announce/mfsa2005-41.html http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.redhat.com/support/errata/RHSA-2005-383.html http://www.redhat.com/support/errata/RHSA-2005-384.html http://www.redhat.com/support/errata/RHSA-2005-386.html http://www.redhat.com/support/errata/RHSA-2005-601.html http://www.securityfocus.com/bid/13233 http://www.securityfocus.com/bid/15495 https://bugzilla.mozilla.org/show_bug.cgi?id=289074 https://bugzilla.mozilla.org/show_bug.cgi?id=289083 https://bugzilla.mozilla.org/show_bug.cgi?id=289961 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A100017 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11291