CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
99.3%
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to
replace an IFRAME (1) during the load stage or (2) in the case of an
about:blank frame, which allows remote attackers to display arbitrary HTML
or execute certain JavaScript code, as demonstrated by code that intercepts
keystroke values from window.event, aka the “promiscuous IFRAME access
bug,” a related issue to CVE-2006-4568.