CVE-2005-2269

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").

Published: Jul 13, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2269
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / firefox	0.8	0.8.x
mozilla / mozilla	1.7-alpha	1.7-alpha.x
mozilla / mozilla	1.7-rc1	1.7-rc1.x
mozilla / mozilla	1.5-rc2	1.5-rc2.x
mozilla / firefox	1.0.2	1.0.2.x
mozilla / mozilla	1.7	1.7.x
mozilla / firefox	0.9.1	0.9.1.x
mozilla / firefox	1.0.4	1.0.4.x
mozilla / mozilla	1.7.5	1.7.5.x
mozilla / firefox	0.10.1	0.10.1.x
mozilla / firefox	0.9	0.9.x
mozilla / mozilla	1.6-beta	1.6-beta.x
mozilla / mozilla	1.4.1	1.4.1.x
mozilla / mozilla	1.5-alpha	1.5-alpha.x
mozilla / mozilla	1.5-rc1	1.5-rc1.x
mozilla / mozilla	1.7.7	1.7.7.x
mozilla / mozilla	1.3	1.3.x
mozilla / firefox	1.0	1.0.x
mozilla / mozilla	1.7-beta	1.7-beta.x
mozilla / firefox	1.0.1	1.0.1.x
mozilla / mozilla	1.4	1.4.x
mozilla / mozilla	1.5	1.5.x
mozilla / firefox	1.0.3	1.0.3.x
mozilla / mozilla	1.7.6	1.7.6.x
mozilla / mozilla	1.7.1	1.7.1.x
mozilla / firefox	0.9.3	0.9.3.x
mozilla / mozilla	1.4-alpha	1.4-alpha.x
mozilla / mozilla	1.7.8	1.7.8.x
mozilla / mozilla	1.5.1	1.5.1.x
mozilla / firefox	0.9.2	0.9.2.x
mozilla / mozilla	1.7.2	1.7.2.x
mozilla / firefox	0.9-rc	0.9-rc.x
mozilla / mozilla	1.7-rc3	1.7-rc3.x
mozilla / mozilla	1.7-rc2	1.7-rc2.x
mozilla / firefox	0.10	0.10.x
mozilla / mozilla	1.7.3	1.7.3.x
mozilla / mozilla	1.6-alpha	1.6-alpha.x
mozilla / mozilla	1.6	1.6.x

Vulnerability Database

289,697

CVE-2005-2269