CVE-2005-2269 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2005-2269

CVE-2005-2269

July 13, 2005

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").

Related Resources (25)

http://www.debian.org/security/2005/dsa-810

http://www.novell.com/linux/security/advisories/2005_18_sr.html

http://www.mozilla.org/security/announce/mfsa2005-55.html

http://www.vupen.com/english/advisories/2005/1075

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777

http://secunia.com/advisories/16044

http://www.ciac.org/ciac/bulletins/p-252.shtml

https://people.canonical.com/~ubuntu-security/cve/CVE-2005-2269

https://bugzilla.mozilla.org/show_bug.cgi?id=298892

http://secunia.com/advisories/19823

http://www.securityfocus.com/bid/14242

http://www.novell.com/linux/security/advisories/2005_45_mozilla.html

http://secunia.com/advisories/16059

http://www.redhat.com/support/errata/RHSA-2005-587.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729

http://www.redhat.com/support/errata/RHSA-2005-601.html

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011

http://secunia.com/advisories/16043

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005

http://www.networksecurity.fi/advisories/netscape-multiple-issues.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.redhat.com/support/errata/RHSA-2005-586.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

CVSS v2

Base Score:

7.5

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

EPSS

Base Score:

7.51