CVE-2005-1531 Information

Description

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection which allows remote attackers to execute script via \Wrapped\ javascript: URLs as demonstrated using (1) a javascript: URL in a view-source: URL (2) a javascript: URL in a jar: URL or (3) \a nested variant.\

Reference

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://securitytracker.com/id?1013962 http://securitytracker.com/id?1013963 http://www.mozilla.org/security/announce/mfsa2005-43.html http://www.redhat.com/support/errata/RHSA-2005-434.html http://www.redhat.com/support/errata/RHSA-2005-435.html http://www.securityfocus.com/bid/13641 http://www.securityfocus.com/bid/15495 http://www.vupen.com/english/advisories/2005/0530 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A100015 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10351