CVE-2005-1937 : A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one pa

A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.

Published 2005-06-14 04:00:00

Updated 2017-10-11 01:30:11

Source Debian GNU/Linux

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2005-1937

Probability of exploitation activity in the next 30 days: 0.29%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-1937

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.6	LOW	AV:N/AC:H/Au:N/C:N/I:P/A:N	4.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2005-1937

Products affected by CVE-2005-1937

Mozilla » Mozilla » Version: 1.7.7
cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.0.3
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-1937

Exploit prediction scoring system (EPSS) score for CVE-2005-1937

CVSS scores for CVE-2005-1937

References for CVE-2005-1937

Products affected by CVE-2005-1937