CVE-2005-1154

Publication date 2 May 2005

Last updated 24 July 2024


Ubuntu priority

Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."

Status

Package Ubuntu Release Status
mozilla 7.10 gutsy Not in release
7.04 feisty Not in release
6.10 edgy
Not affected
6.06 LTS dapper
Not affected

References

Related Ubuntu Security Notices (USN)

    • USN-124-1
    • Mozilla and Firefox vulnerabilities
    • 11 May 2005
    • USN-149-3
    • Ubuntu 4.10 update for Firefox vulnerabilities
    • 28 July 2005

Other references