CVE-2005-1160

The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.

• ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
• http://secunia.com/advisories/14938Patch, Vendor Advisory
• http://secunia.com/advisories/14992Patch, Vendor Advisory
• http://secunia.com/advisories/19823
• http://www.gentoo.org/security/en/glsa/glsa-200504-18.xmlPatch, Vendor Advisory
• http://www.mozilla.org/security/announce/mfsa2005-41.htmlVendor Advisory
• http://www.novell.com/linux/security/advisories/2006_04_25.html
• http://www.redhat.com/support/errata/RHSA-2005-383.htmlPatch, Vendor Advisory
• http://www.redhat.com/support/errata/RHSA-2005-384.html
• http://www.redhat.com/support/errata/RHSA-2005-386.htmlPatch, Vendor Advisory
• http://www.redhat.com/support/errata/RHSA-2005-601.html
• http://www.securityfocus.com/bid/13233
• http://www.securityfocus.com/bid/15495
• https://bugzilla.mozilla.org/show_bug.cgi?id=289074Patch
• https://bugzilla.mozilla.org/show_bug.cgi?id=289083Patch
• https://bugzilla.mozilla.org/show_bug.cgi?id=289961Patch
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291
• ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
• http://secunia.com/advisories/14938Patch, Vendor Advisory
• http://secunia.com/advisories/14992Patch, Vendor Advisory
• http://secunia.com/advisories/19823
• http://www.gentoo.org/security/en/glsa/glsa-200504-18.xmlPatch, Vendor Advisory
• http://www.mozilla.org/security/announce/mfsa2005-41.htmlVendor Advisory
• http://www.novell.com/linux/security/advisories/2006_04_25.html
• http://www.redhat.com/support/errata/RHSA-2005-383.htmlPatch, Vendor Advisory
• http://www.redhat.com/support/errata/RHSA-2005-384.html
• http://www.redhat.com/support/errata/RHSA-2005-386.htmlPatch, Vendor Advisory
• http://www.redhat.com/support/errata/RHSA-2005-601.html
• http://www.securityfocus.com/bid/13233
• http://www.securityfocus.com/bid/15495
• https://bugzilla.mozilla.org/show_bug.cgi?id=289074Patch
• https://bugzilla.mozilla.org/show_bug.cgi?id=289083Patch
• https://bugzilla.mozilla.org/show_bug.cgi?id=289961Patch
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100017
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11291

Published

May 2, 2005

Last Modified

Jun 16, 2026

Status

Modified