Vulnerability Report

CVE-2005-0989

Title: Mozilla Javascript engine heap memory read

Information Disclosure

Proof Of Concept

PoC Available for CVE-2005-0989

CWE Category NVD-CWE-noinfo

Published Date May 02, 2005

Modified Date Apr 03, 2025

Exploit Status Available

Score 5.0 CVSS v2.0

Exploit Probability (EPSS)

25.30%

Vulnerability Summary

CVE-2005-0989: The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.

Impacted Vendors

mozilla 2

cloudera 1

netscape 1

Reference Links

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/14820 http://secunia.com/advisories/14821 http://secunia.com/advisories/19823 http://securitytracker.com/id?1013635 http://securitytracker.com/id?1013643 http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml http://www.mozilla.org/security/announce/mfsa2005-33.html http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.redhat.com/support/errata/RHSA-2005-383.html http://www.redhat.com/support/errata/RHSA-2005-384.html http://www.redhat.com/support/errata/RHSA-2005-386.html http://www.redhat.com/support/errata/RHSA-2005-601.html http://www.securityfocus.com/bid/12988 http://www.securityfocus.com/bid/15495 https://bugzilla.mozilla.org/show_bug.cgi?id=288688 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/14820 http://secunia.com/advisories/14821 http://secunia.com/advisories/19823 http://securitytracker.com/id?1013635 http://securitytracker.com/id?1013643 http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml http://www.mozilla.org/security/announce/mfsa2005-33.html http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.redhat.com/support/errata/RHSA-2005-383.html http://www.redhat.com/support/errata/RHSA-2005-384.html http://www.redhat.com/support/errata/RHSA-2005-386.html http://www.redhat.com/support/errata/RHSA-2005-601.html http://www.securityfocus.com/bid/12988 http://www.securityfocus.com/bid/15495 https://bugzilla.mozilla.org/show_bug.cgi?id=288688 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

5.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:P/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2005-0989 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/25334

View Code

April 03, 2025 MODIFIED

Vulnerability data or affected products updated.

May 02, 2005 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected Stack

No specific products linked.