Security Advisories for Firefox 1.5

Firefox 1.5 is unsupported. Please upgrade to the latest version.

Impact key

• Critical Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
• High Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
• Moderate Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
• Low Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)

# Fixed in Firefox 1.5.0.12

• 2007-17 XUL Popup Spoofing
• 2007-16 XSS using addEventListener
• 2007-14 Path Abuse in Cookies
• 2007-13 Persistent Autocomplete Denial of Service
• 2007-12 Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4)

# Fixed in Firefox 1.5.0.11

• 2007-11 FTP PASV port-scanning

# Fixed in Firefox 1.5.0.10

• 2007-09 Privilege escalation by setting img.src to javascript: URI
• 2007-08 onUnload + document.write() memory corruption
• 2007-07 Embedded nulls in location.hostname confuse same-domain checks
• 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflows
• 2007-05 XSS and local file access by opening blocked popupsand local file access by opening blocked popups
• 2007-04 Spoofing using custom cursor and CSS3 hotspot
• 2007-03 Information disclosure through cache collisions
• 2007-02 Improvements to help protect against Cross-Site Scripting attacks
• 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

# Fixed in Firefox 1.5.0.9

• 2006-73 Mozilla SVG Processing Remote Code Execution
• 2006-72 XSS by setting img.src to javascript: URI
• 2006-71 LiveConnect crash finalizing JS objects
• 2006-70 Privilege escalation using watch point
• 2006-69 CSS cursor image buffer overflow (Windows only)
• 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)

# Fixed in Firefox 1.5.0.8

• 2006-67 Running Script can be recompiled
• 2006-66 RSA Signature Forgery (variant)
• 2006-65 Crashes with evidence of memory corruption (rv:1.8.0.8)

# Fixed in Firefox 1.5.0.7

• 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
• 2006-62 Popup-blocker cross-site scripting (XSS)
• 2006-61 Frame spoofing using document.open()
• 2006-60 RSA Signature Forgery
• 2006-59 Concurrency-related vulnerability
• 2006-58 Auto-update compromise through DNS and SSL spoofing
• 2006-57 JavaScript Regular Expression Heap Corruption

# Fixed in Firefox 1.5.0.5

• 2006-56 chrome: scheme loading remote content
• 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
• 2006-54 XSS with XPCNativeWrapper(window).Function(...)
• 2006-53 UniversalBrowserRead privilege escalation
• 2006-52 PAC privilege escalation using Function.prototype.call
• 2006-51 Privilege escalation using named-functions and redefined "new Object()"
• 2006-50 JavaScript engine vulnerabilities
• 2006-48 JavaScript new Function race condition
• 2006-47 Native DOM methods can be hijacked across domains
• 2006-46 Memory corruption with simultaneous events
• 2006-45 Javascript navigator Object Vulnerability
• 2006-44 Code execution through deleted frame reference

# Fixed in Firefox 1.5.0.4

• 2006-43 Privilege escalation using addSelectionListener
• 2006-42 Web site XSS using BOM on UTF-8 pages
• 2006-41 File stealing by changing input type (variant)
• 2006-39 "View Image" local resource linking (Windows)
• 2006-38 Buffer overflow in crypto.signText()
• 2006-37 Remote compromise via content-defined setter on object prototypes
• 2006-36 PLUGINSPAGE privileged JavaScript execution II
• 2006-35 Privilege escalation through XUL persist.
• 2006-34 XSS viewing javascript: frames or images from context menu
• 2006-33 HTTP response smuggling
• 2006-32 Fixes for crashes with potential memory corruption (rv:1.8.0.4)
• 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

# Fixed in Firefox 1.5.0.3

• 2006-30 Deleted object reference when designMode="on"

# Fixed in Firefox 1.5.0.2

• 2006-29 Spoofing with translucent windows
• 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
• 2006-27 Table Rebuilding Code Execution Vulnerability
• 2006-25 Privilege escalation through Print Preview
• 2006-24 Privilege escalation using crypto.generateCRMFRequest
• 2006-23 File stealing by changing input type
• 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
• 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)

# Fixed in Firefox 1.5.0.1

• 2006-08 "AnyName" entrainment and access control hazard
• 2006-07 Read beyond buffer while parsing XML
• 2006-06 Integer overflows in E4X, SVG, and Canvas
• 2006-05 Localstore.rdf XML injection through XULDocument.persist()
• 2006-04 Memory corruption via QueryInterface on Location, Navigator objects
• 2006-03 Long document title causes startup denial of service
• 2006-02 Changing position:relative to static corrupts memory
• 2006-01 JavaScript garbage-collection hazards

# Fixed in Firefox 1.5

• 2006-19 Cross-site scripting using .valueOf.call()
• 2006-18 Mozilla Firefox Tag Order Vulnerability
• 2006-17 cross-site scripting through window.controllers
• 2006-16 Accessing XBL compilation scope via valueOf.call()
• 2006-15 Privilege escalation using a JavaScript function's cloned parent
• 2006-14 Privilege escalation via XBL.method.eval
• 2006-13 Downloading executables with "Save Image As..."
• 2006-12 Secure-site spoof (requires security warning dialog)
• 2006-11 Crashes with evidence of memory corruption (rv:1.8)
• 2006-10 JavaScript garbage-collection hazard audit
• 2006-09 Cross-site JavaScript injection using event handlers