CVE-2004-0718

HIGH

Description

The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt

http://bugzilla.mozilla.org/show_bug.cgi?id=246448

http://marc.info/?l=bugtraq&m=109900315219363&w=2

http://secunia.com/advisories/11978

http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/

http://www.debian.org/security/2005/dsa-777

http://www.debian.org/security/2005/dsa-810

http://www.mandriva.com/security/advisories?name=MDKSA-2004:082

http://www.novell.com/linux/security/advisories/2004_36_mozilla.html

http://www.redhat.com/support/errata/RHSA-2004-421.html

http://www.securityfocus.com/bid/15495

https://exchange.xforce.ibmcloud.com/vulnerabilities/1598

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997

Details

Source: MITRE

Published: 2004-07-27

Updated: 2017-10-11

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:firebirdsql:firebird:0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*

cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*

Tenable Plugins

View all (55 total)

IDNameProductFamilySeverity
56476FreeBSD : Mutiple browser frame injection vulnerability (641859e8-eca1-11d8-b913-000c41e2cdad)NessusFreeBSD Local Security Checks
high
21949CentOS 4 : firefox (CESA-2005:586)NessusCentOS Local Security Checks
high
21844CentOS 3 / 4 : mozilla (CESA-2005:587)NessusCentOS Local Security Checks
high
20556Ubuntu 4.10 / 5.04 : mozilla vulnerabilities (USN-155-1)NessusUbuntu Local Security Checks
high
20544Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-149-1)NessusUbuntu Local Security Checks
high
19888Mandrake Linux Security Advisory : mozilla (MDKSA-2005:128)NessusMandriva Local Security Checks
high
3239Mozilla Firefox < 1.0.7 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3238Mozilla Firefox < 1.7.12 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
19685Debian DSA-810-1 : mozilla - several vulnerabilitiesNessusDebian Local Security Checks
high
19433Debian DSA-777-1 : mozilla - frame injection spoofingNessusDebian Local Security Checks
high
19431Debian DSA-775-1 : mozilla-firefox - frame injection spoofingNessusDebian Local Security Checks
high
19285RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:587)NessusRed Hat Local Security Checks
high
19268RHEL 4 : firefox (RHSA-2005:586)NessusRed Hat Local Security Checks
high
3099Mozilla Firefox < 1.0.6 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3067Mozilla Firefox < 1.7.10 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3066Mozilla Firefox < 1.0.5 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
18813Mozilla Browser < 1.7.9 Multiple VulnerabilitiesNessusWindows
high
18794Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01)NessusSlackware Local Security Checks
critical
18689Firefox < 1.0.6 Multiple VulnerabilitiesNessusWindows
high
2902Mozilla Firefox < 1.7.8 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
2887Mozilla Firefox < 1.0.4 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
2789Mozilla Firefox < 1.7.7 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
2788Mozilla Firefox < 1.0.3 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
2703Mozilla Thunderbird < 1.0.2 Multiple Vulnerabilities (deprecated)Nessus Network MonitorSMTP Clients
medium
2671Mozilla Firefox < 1.7.6 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
2652Mozilla Firefox < 1.0.1 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
2603MSN Messenger < 6.2.0205 PNG File Remote Overflow (deprecated)Nessus Network MonitorInternet Messengers
medium
2602Microsoft Media Player Version 9 PNG Multiple Vulnerabilities (deprecated)Nessus Network MonitorGeneric
medium
14758FreeBSD Ports : Multiple Browsers Frame InjectionNessusFreeBSD Local Security Checks
high
14331Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)NessusMandriva Local Security Checks
critical
1775Mozilla Firefox XML User Interface Language Browser Interface Spoofing (deprecated)Nessus Network MonitorWeb Clients
medium
1773Mozilla Firefox < 1.7.1 / Thunderbird < 0.7.1 POP3 Remote Heap Overflow (deprecated)Nessus Network MonitorWeb Clients
medium
1772Mozilla Firefox < 1.7.1 Cross-Domain Frame Loading Vulnerability (deprecated)Nessus Network MonitorWeb Clients
medium
1771Mozilla Firefox < 1.7.2 Non-FQDN SSL Certificate SpoofingNessus Network MonitorWeb Clients
medium
1770Mozilla Firefox < 1.7.1 SSL Redirect SpoofingNessus Network MonitorWeb Clients
medium
2116Mozilla Firefox Input Type HTML Tag Unauthorized Access (deprecated)Nessus Network MonitorWeb Clients
medium
14268FreeBSD : Mutiple browser frame injection vulnerability (83) (deprecated)NessusFreeBSD Local Security Checks
high
14214RHEL 2.1 / 3 : mozilla (RHSA-2004:421)NessusRed Hat Local Security Checks
critical
801373Mozilla XML User Interface Language Browser Interface SpoofingLog Correlation EngineWeb Clients
medium
801318Mozilla Browser < 1.7.8 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801295Mozilla Firefox < 1.0.4 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801294Mozilla Browser < 1.7.12 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801293Mozilla < 1.7.7 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801292Mozilla Browser < 1.7.2 Non-FQDN SSL Certificate SpoofingLog Correlation EngineWeb Clients
medium
801263Mozilla < 1.7.1 SSL Redirect SpoofingLog Correlation EngineWeb Clients
medium
801257Mozilla Browser < 1.7.10 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801229Mozilla Browser Input Type HTML Tag Unauthorized AccessLog Correlation EngineWeb Clients
medium
801228Mozilla < 1.7.1 Cross-Domain Frame Loading VulnerabilityLog Correlation EngineWeb Clients
medium
801221Mozilla Thunderbird < 1.0.2 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
801217Mozilla Firefox < 1.0.5 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801215Mozilla < 1.7.6 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801211Mozilla Browser <1.7.1 / Thunderbird < 0.7.1 SendUIDL POP3 Message Handling Remote Heap OverflowLog Correlation EngineWeb Clients
medium
800781Firefox < 1.0.7 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800777Firefox < 1.0.6 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800745Firefox < 1.0.3 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high