MitreCVE-2007-3089CVE-2007-3089
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
99.3%
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the “promiscuous IFRAME access bug,” a related issue to CVE-2006-4568.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | 1.5.4 | cpe:/a:mozilla:firefox:1.5.4::: |
| mozilla | firefox | 1.0.6 | cpe:/a:mozilla:firefox:1.0.6::: |
| mozilla | firefox | 0.8 | cpe:/a:mozilla:firefox:0.8::: |
| mozilla | firefox | 1.5.0.5 | cpe:/a:mozilla:firefox:1.5.0.5::: |
| mozilla | firefox | 1.0.5 | cpe:/a:mozilla:firefox:1.0.5::: |
| mozilla | firefox | 1.5.0.1 | cpe:/a:mozilla:firefox:1.5.0.1::: |
| mozilla | firefox | 2.0 | cpe:/a:mozilla:firefox:2.0::: |
| mozilla | firefox | 1.0.2 | cpe:/a:mozilla:firefox:1.0.2::: |
| mozilla | firefox | 1.0.7 | cpe:/a:mozilla:firefox:1.0.7::: |
| mozilla | firefox | 1.5 | cpe:/a:mozilla:firefox:1.5::: |
References
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
lcamtuf.coredump.cx/ifsnatch/
osvdb.org/38024
secunia.com/advisories/25589
secunia.com/advisories/26072
secunia.com/advisories/26095
secunia.com/advisories/26103
secunia.com/advisories/26106
secunia.com/advisories/26107
secunia.com/advisories/26149
secunia.com/advisories/26151
secunia.com/advisories/26159
secunia.com/advisories/26179
secunia.com/advisories/26204
secunia.com/advisories/26205
secunia.com/advisories/26211
secunia.com/advisories/26216
secunia.com/advisories/26258
secunia.com/advisories/26271
secunia.com/advisories/26460
secunia.com/advisories/28135
securityreason.com/securityalert/2781
sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
www.debian.org/security/2007/dsa-1337
www.debian.org/security/2007/dsa-1338
www.debian.org/security/2007/dsa-1339
www.gentoo.org/security/en/glsa/glsa-200708-09.xml
www.kb.cert.org/vuls/id/143297
www.mandriva.com/security/advisories?name=MDKSA-2007:152
www.mozilla.org/security/announce/2007/mfsa2007-20.html
www.novell.com/linux/security/advisories/2007_49_mozilla.html
www.redhat.com/support/errata/RHSA-2007-0722.html
www.redhat.com/support/errata/RHSA-2007-0723.html
www.redhat.com/support/errata/RHSA-2007-0724.html
www.securityfocus.com/archive/1/470446/100/0/threaded
www.securityfocus.com/archive/1/474226/100/0/threaded
www.securityfocus.com/archive/1/474542/100/0/threaded
www.securityfocus.com/bid/24286
www.securitytracker.com/id?1018412
www.ubuntu.com/usn/usn-490-1
www.us-cert.gov/cas/techalerts/TA07-199A.html
www.vupen.com/english/advisories/2007/2564
www.vupen.com/english/advisories/2007/4256
bugzilla.mozilla.org/show_bug.cgi?id=381300
bugzilla.mozilla.org/show_bug.cgi?id=382686
exchange.xforce.ibmcloud.com/vulnerabilities/34701
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
99.3%