Description
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
CVSS Metrics
- Vector
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Access Vector
- network
- Access Cmplx
- low
- Auth
- none
- Confidentiality
- partial
- Integrity
- partial
- Availability
- partial
- Weaknesses
- NVD-CWE-Other
Metadata
- Primary Vendor
- MOZILLA
- Published
- 5/2/2005
- Last Modified
- 4/3/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
mozilla : firefoxmozilla : firefoxmozilla : firefoxmozilla : firefoxmozilla : firefoxmozilla : firefoxmozilla : firefoxmozilla : firefoxmozilla : firefoxmozilla : firefoxmozilla : firefoxmozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillamozilla : mozillanetscape : navigator
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.