Rapid7 Vulnerability & Exploit Database

MFSA2005-46 Firefox: XBL scripts ran even when Javascript disabled

Back to Search

MFSA2005-46 Firefox: XBL scripts ran even when Javascript disabled

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
11/21/2013
Created
07/25/2018
Added
11/21/2013
Modified
11/21/2013

Description

Scripts in XBL controls from web content continued to be run even when Javascript was disabled. By itself this causes no harm, but it could be combined with most script-based exploits to attack people running vulnerable versions who thought disabling javascript would protect them.In the Thunderbird and Mozilla Suite mail clients Javascript is disabled by default for protection against denial-of-service attacks and worms; this vulnerability could be used to bypass that protection.

Solution(s)

  • mozilla-firefox-upgrade-1_0_5

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;