CVE-2005-2269
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/07/2005
Last modified:
03/04/2025
Description
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/16043
- http://secunia.com/advisories/16044
- http://secunia.com/advisories/16059
- http://secunia.com/advisories/19823
- http://www.ciac.org/ciac/bulletins/p-252.shtml
- http://www.debian.org/security/2005/dsa-810
- http://www.mozilla.org/security/announce/mfsa2005-55.html
- http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://www.redhat.com/support/errata/RHSA-2005-586.html
- http://www.redhat.com/support/errata/RHSA-2005-587.html
- http://www.redhat.com/support/errata/RHSA-2005-601.html
- http://www.securityfocus.com/bid/14242
- http://www.vupen.com/english/advisories/2005/1075
- https://bugzilla.mozilla.org/show_bug.cgi?id=298892
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777
- http://secunia.com/advisories/16043
- http://secunia.com/advisories/16044
- http://secunia.com/advisories/16059
- http://secunia.com/advisories/19823
- http://www.ciac.org/ciac/bulletins/p-252.shtml
- http://www.debian.org/security/2005/dsa-810
- http://www.mozilla.org/security/announce/mfsa2005-55.html
- http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://www.redhat.com/support/errata/RHSA-2005-586.html
- http://www.redhat.com/support/errata/RHSA-2005-587.html
- http://www.redhat.com/support/errata/RHSA-2005-601.html
- http://www.securityfocus.com/bid/14242
- http://www.vupen.com/english/advisories/2005/1075
- https://bugzilla.mozilla.org/show_bug.cgi?id=298892
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100004
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100011
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1258
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A729
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9777