Lucene search
Mozilla FoundationMFSA2007-20HistoryJul 17, 2007 - 12:00 a.m.
Frame spoofing while window is loading — Mozilla
2007-07-1700:00:00
Mozilla Foundation
www.mozilla.org
12
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.949
Percentile
99.3%
Ronen Zilberman and Michal Zalewski both reported that it was possible to exploit a timing issue to inject content into about:blank frames in a page. When opening a window from a script, it is possible to spoof the content of the newly opened window’s frames within a short time frame, while the window is loading.
Affected configurations
Node
mozillafirefoxRange<2.0.0.5
ORmozillaseamonkeyRange<1.1.3
Related
cert
cert
Mozilla Firefox allows cross-domain iframe access via JavaScript
2007-06-08 00:00:00
seebug
seebug
Firefox about:blank IFRME帧跨域访问漏洞
2007-07-20 00:00:00
veracode
veracode
Arbitrary Code Injection
2020-04-10 00:17:15
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2007-20
2007-07-19 00:00:00
Mozilla Firefox, Thunderbird, Seamonkey multiple securityvulnerabilities
2007-07-19 00:00:00
prion
prion
Code injection
2007-06-06 21:30:00
Cross site scripting
2007-08-08 01:17:00
cve
cve
CVE-2007-3089
2007-06-06 21:30:00
CVE-2007-3844
2007-08-08 01:17:00
ubuntucve
ubuntucve
CVE-2007-3089
2007-06-06 00:00:00
CVE-2007-3844
2007-08-08 00:00:00
nvd
nvd
CVE-2007-3844
2007-08-08 01:17:00
CVE-2007-3089
2007-06-06 21:30:00
cvelist
cvelist
CVE-2007-3844
2007-08-08 01:11:00
CVE-2007-3089
2007-06-06 21:00:00
openvas
openvas
FreeBSD Ports: firefox
2008-09-04 00:00:00
FreeBSD Ports: firefox
2008-09-04 00:00:00
Fedora Update for thunderbird FEDORA-2007-1180
2009-02-27 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2007-07-17 00:00:00
nessus
nessus
FreeBSD : mozilla -- multiple vulnerabilities (e190ca65-3636-11dc-a697-000c6ec775d9)
2007-07-23 00:00:00
Fedora Core 6 : thunderbird-1.5.0.12-2.fc6 (2007-641)
2007-07-23 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.5-1.fc7
2007-07-20 19:32:33
[SECURITY] Fedora Core 6 Update: thunderbird-1.5.0.12-2.fc6
2007-07-20 16:21:25
[SECURITY] Fedora 7 Update: epiphany-2.18.3-2.fc7
2007-07-18 20:55:58
centos
centos
thunderbird security update
2007-07-19 19:16:54
seamonkey security update
2007-07-19 11:53:21
firefox security update
2007-07-19 13:36:22
oraclelinux
oraclelinux
Moderate: thunderbird security update
2007-07-19 00:00:00
Critical: firefox security update
2007-07-19 00:00:00
Critical: seamonkey security update
2007-07-19 00:00:00
redhat
redhat
(RHSA-2007:0723) Moderate: thunderbird security update
2007-07-18 00:00:00
(RHSA-2007:0722) Critical: seamonkey security update
2007-07-18 00:00:00
(RHSA-2007:0724) Critical: firefox security update
2007-07-18 00:00:00
debian
debian
[SECURITY] [DSA 1338-1] New iceweasel packages fix several vulnerabilities
2007-07-23 17:27:52
[SECURITY] [DSA 1339-1] New iceape packages fix several vulnerabilities
2007-07-24 00:00:33
[SECURITY] [DSA 1337-1] New xulrunner packages fix several vulnerabilities
2007-07-22 19:19:22
osv
osv
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2007-08-14 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2007-07-20 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2007-08-02 16:31:06
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.949
Percentile
99.3%
Related for MFSA2007-20