Launchpad CVE tracker

CVE 2005-2269

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").

Related bugs and status

CVE-2005-2269 (Candidate) is related to these bugs:

Bug #15339: mozilla-thunderbird: FTBFS (gcc-4.0/amd64/ppc64): array type has incomplete element type

Summary				In	Importance	Status
	15339	mozilla-thunderbird: FTBFS (gcc-4.0/amd64/ppc64): array type has incomplete element type		mozilla-thunderbird (Ubuntu)	High	Fix Released
	15339	mozilla-thunderbird: FTBFS (gcc-4.0/amd64/ppc64): array type has incomplete element type		mozilla-thunderbird (Debian)	Unknown	Fix Released

Bug #19078: Multiple vulnerabilities in Thunderbird 1.0.2

Summary				In	Importance	Status
	19078	Multiple vulnerabilities in Thunderbird 1.0.2		mozilla-thunderbird (Ubuntu)	Medium	Fix Released

Bug #20324: mozilla-thunderbird: Multiple security problems (fixed in sarge/sid, not-fixed in etch)

Summary				In	Importance	Status
	20324	mozilla-thunderbird: Multiple security problems (fixed in sarge/sid, not-fixed in etch)		mozilla-thunderbird (Ubuntu)	High	Fix Released
	20324	mozilla-thunderbird: Multiple security problems (fixed in sarge/sid, not-fixed in etch)		mozilla-thunderbird (Debian)	Unknown	Fix Released

Bug #20648: Various security bugs unfixed in debian stable

Summary				In	Importance	Status
	20648	Various security bugs unfixed in debian stable		mozilla (Ubuntu)	High	Invalid
	20648	Various security bugs unfixed in debian stable		mozilla (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2005-2269

References