CVE-2005-2263

Description

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.

Software From Fixed in
mozilla / mozilla 1.3 1.3.x
mozilla / mozilla 1.4 1.4.x
mozilla / mozilla 1.4-alpha 1.4-alpha.x
mozilla / mozilla 1.4.1 1.4.1.x
mozilla / mozilla 1.5 1.5.x
mozilla / mozilla 1.5-alpha 1.5-alpha.x
mozilla / mozilla 1.5-rc1 1.5-rc1.x
mozilla / mozilla 1.5-rc2 1.5-rc2.x
mozilla / mozilla 1.5.1 1.5.1.x
mozilla / mozilla 1.6 1.6.x
mozilla / mozilla 1.6-alpha 1.6-alpha.x
mozilla / mozilla 1.6-beta 1.6-beta.x
mozilla / mozilla 1.7 1.7.x
mozilla / mozilla 1.7-alpha 1.7-alpha.x
mozilla / mozilla 1.7-beta 1.7-beta.x
mozilla / mozilla 1.7-rc1 1.7-rc1.x
mozilla / mozilla 1.7-rc2 1.7-rc2.x
mozilla / mozilla 1.7-rc3 1.7-rc3.x
mozilla / mozilla 1.7.1 1.7.1.x
mozilla / mozilla 1.7.2 1.7.2.x
mozilla / mozilla 1.7.3 1.7.3.x
mozilla / mozilla 1.7.5 1.7.5.x
mozilla / mozilla 1.7.6 1.7.6.x
mozilla / mozilla 1.7.7 1.7.7.x
mozilla / mozilla 1.7.8 1.7.8.x
mozilla / firefox 0.10 0.10.x
mozilla / firefox 0.10.1 0.10.1.x
mozilla / firefox 0.8 0.8.x
mozilla / firefox 0.9 0.9.x
mozilla / firefox 0.9-rc 0.9-rc.x
mozilla / firefox 0.9.1 0.9.1.x
mozilla / firefox 0.9.2 0.9.2.x
mozilla / firefox 0.9.3 0.9.3.x
mozilla / firefox 1.0 1.0.x
mozilla / firefox 1.0.1 1.0.1.x
mozilla / firefox 1.0.2 1.0.2.x
mozilla / firefox 1.0.3 1.0.3.x
mozilla / firefox 1.0.4 1.0.4.x