Unrated severityNVD Advisory· Published May 2, 2005· Updated Jun 16, 2026
CVE-2005-1157
CVE-2005-1157
Description
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
37cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
- (no CPE)range: <1.0.3
cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
- Range: <1.7.7
Patches
Vulnerability mechanics
References
14- secunia.com/advisories/14938nvdPatchVendor Advisory
- secunia.com/advisories/14992nvdPatchVendor Advisory
- secunia.com/advisories/14996nvdPatchVendor Advisory
- www.redhat.com/support/errata/RHSA-2005-383.htmlnvdPatchVendor Advisory
- www.redhat.com/support/errata/RHSA-2005-386.htmlnvdPatchVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdPatch
- www.mikx.de/firesearching/nvdExploit
- www.securityfocus.com/bid/13211nvdExploitPatch
- www.mozilla.org/security/announce/mfsa2005-38.htmlnvdVendor Advisory
- ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txtnvd
- www.redhat.com/support/errata/RHSA-2005-384.htmlnvd
- www.securityfocus.com/bid/15495nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/20125nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961nvd
News mentions
0No linked articles in our index yet.