Vulnerability Note VU#648758
XPInstall is a cross-platform software installation method used by Mozilla-based browsers.
By convincing a user to view an HTML document (e.g., a web page), an attacker could execute arbitrary commands or code with the privileges of the user. The attacker could take any action as the user. If the user has administrative privileges, the attacker could take complete control of the user's system.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Mozilla||Affected||-||10 May 2005|
|Red Hat Software, Inc.||Affected||-||01 Aug 2005|
CVSS Metrics (Learn More)
This vulnerability was reported by Paul of Greyhats and Michael Krax. Thanks to Daniel Veditz of the Mozilla Foundation for discussing the vulnerability.
This document was written by Will Dormann.
- CVE IDs: CAN-2005-1477
- Date Public: 07 May 2005
- Date First Published: 10 May 2005
- Date Last Updated: 01 Aug 2005
- Severity Metric: 8.57
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.