CVE-2005-2263
CVE-2005-2263
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://bugzilla.mozilla.org/show_bug.cgi?id=293331https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202http://secunia.com/advisories/16043http://secunia.com/advisories/16059https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100010https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100016https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11629https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1281https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1311http://www.ciac.org/ciac/bulletins/p-252.shtmlhttp://www.debian.org/security/2005/dsa-810http://www.mozilla.org/security/announce/mfsa2005-48.html