CVE-2005-2262 Information

Description

Firefox 1.0.3 and 1.0.4 and Netscape 8.0.2 allows remote attackers to execute arbitrary code by tricking the user into using the \Set As Wallpaper\ (in Firefox) or \Set as Background\ (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement aka \Firewalling.\

Reference

http://secunia.com/advisories/16043 http://secunia.com/advisories/16044 http://www.ciac.org/ciac/bulletins/p-252.shtml http://www.mikx.de/firewalling/ http://www.mozilla.org/security/announce/mfsa2005-47.html http://www.networksecurity.fi/advisories/netscape-multiple-issues.html http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.novell.com/linux/security/advisories/2005_45_mozilla.html http://www.redhat.com/support/errata/RHSA-2005-586.html http://www.securiteam.com/securitynews/5ZP0E0UGAK.html http://www.securityfocus.com/bid/14242 http://www.vupen.com/english/advisories/2005/1075 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A100011 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11097