CVE-2005-2263 Affecting mozilla package, versions [0.8,1.0.4]


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.82% (82nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-MOZILLA-2378908
  • published26 Jan 2022
  • disclosed13 Jul 2005
  • creditUnknown

Introduced: 13 Jul 2005

CVE-2005-2263  (opens in a new tab)

How to fix?

There is no fixed version for mozilla.

Overview

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.

References

CVSS Scores

version 3.1