The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://bugzilla.mozilla.org/show_bug.cgi?id=246448
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://secunia.com/advisories/11978
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
http://www.debian.org/security/2005/dsa-777
http://www.debian.org/security/2005/dsa-810
http://www.mandriva.com/security/advisories?name=MDKSA-2004:082
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2004-421.html
http://www.securityfocus.com/bid/15495
https://exchange.xforce.ibmcloud.com/vulnerabilities/1598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997
Source: MITRE
Published: 2004-07-27
Updated: 2017-10-11
Type: NVD-CWE-Other
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
OR
cpe:2.3:a:firebirdsql:firebird:0.7:*:*:*:*:*:*:*

ID | Name | Product | Family | Severity |
---|---|---|---|---|
56476 | FreeBSD : Mutiple browser frame injection vulnerability (641859e8-eca1-11d8-b913-000c41e2cdad) | Nessus | FreeBSD Local Security Checks | high |
21949 | CentOS 4 : firefox (CESA-2005:586) | Nessus | CentOS Local Security Checks | high |
21844 | CentOS 3 / 4 : mozilla (CESA-2005:587) | Nessus | CentOS Local Security Checks | high |
20556 | Ubuntu 4.10 / 5.04 : mozilla vulnerabilities (USN-155-1) | Nessus | Ubuntu Local Security Checks | high |
20544 | Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-149-1) | Nessus | Ubuntu Local Security Checks | high |
19888 | Mandrake Linux Security Advisory : mozilla (MDKSA-2005:128) | Nessus | Mandriva Local Security Checks | high |
3239 | Mozilla Firefox < 1.0.7 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
3238 | Mozilla Firefox < 1.7.12 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
19685 | Debian DSA-810-1 : mozilla - several vulnerabilities | Nessus | Debian Local Security Checks | high |
19433 | Debian DSA-777-1 : mozilla - frame injection spoofing | Nessus | Debian Local Security Checks | high |
19431 | Debian DSA-775-1 : mozilla-firefox - frame injection spoofing | Nessus | Debian Local Security Checks | high |
19285 | RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:587) | Nessus | Red Hat Local Security Checks | high |
19268 | RHEL 4 : firefox (RHSA-2005:586) | Nessus | Red Hat Local Security Checks | high |
3099 | Mozilla Firefox < 1.0.6 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
3067 | Mozilla Firefox < 1.7.10 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
3066 | Mozilla Firefox < 1.0.5 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
18813 | Mozilla Browser < 1.7.9 Multiple Vulnerabilities | Nessus | Windows | high |
18794 | Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01) | Nessus | Slackware Local Security Checks | critical |
18689 | Firefox < 1.0.6 Multiple Vulnerabilities | Nessus | Windows | high |
2902 | Mozilla Firefox < 1.7.8 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
2887 | Mozilla Firefox < 1.0.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
2789 | Mozilla Firefox < 1.7.7 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
2788 | Mozilla Firefox < 1.0.3 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
2703 | Mozilla Thunderbird < 1.0.2 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | SMTP Clients | medium |
2671 | Mozilla Firefox < 1.7.6 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
2652 | Mozilla Firefox < 1.0.1 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
2603 | MSN Messenger < 6.2.0205 PNG File Remote Overflow (deprecated) | Nessus Network Monitor | Internet Messengers | medium |
2602 | Microsoft Media Player Version 9 PNG Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | Generic | medium |
14758 | FreeBSD Ports : Multiple Browsers Frame Injection | Nessus | FreeBSD Local Security Checks | high |
14331 | Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082) | Nessus | Mandriva Local Security Checks | critical |
1775 | Mozilla Firefox XML User Interface Language Browser Interface Spoofing (deprecated) | Nessus Network Monitor | Web Clients | medium |
1773 | Mozilla Firefox < 1.7.1 / Thunderbird < 0.7.1 POP3 Remote Heap Overflow (deprecated) | Nessus Network Monitor | Web Clients | medium |
1772 | Mozilla Firefox < 1.7.1 Cross-Domain Frame Loading Vulnerability (deprecated) | Nessus Network Monitor | Web Clients | medium |
1771 | Mozilla Firefox < 1.7.2 Non-FQDN SSL Certificate Spoofing | Nessus Network Monitor | Web Clients | medium |
1770 | Mozilla Firefox < 1.7.1 SSL Redirect Spoofing | Nessus Network Monitor | Web Clients | medium |
2116 | Mozilla Firefox Input Type HTML Tag Unauthorized Access (deprecated) | Nessus Network Monitor | Web Clients | medium |
14268 | FreeBSD : Mutiple browser frame injection vulnerability (83) (deprecated) | Nessus | FreeBSD Local Security Checks | high |
14214 | RHEL 2.1 / 3 : mozilla (RHSA-2004:421) | Nessus | Red Hat Local Security Checks | critical |
801373 | Mozilla XML User Interface Language Browser Interface Spoofing | Log Correlation Engine | Web Clients | medium |
801318 | Mozilla Browser < 1.7.8 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801295 | Mozilla Firefox < 1.0.4 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801294 | Mozilla Browser < 1.7.12 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801293 | Mozilla < 1.7.7 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801292 | Mozilla Browser < 1.7.2 Non-FQDN SSL Certificate Spoofing | Log Correlation Engine | Web Clients | medium |
801263 | Mozilla < 1.7.1 SSL Redirect Spoofing | Log Correlation Engine | Web Clients | medium |
801257 | Mozilla Browser < 1.7.10 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801229 | Mozilla Browser Input Type HTML Tag Unauthorized Access | Log Correlation Engine | Web Clients | medium |
801228 | Mozilla < 1.7.1 Cross-Domain Frame Loading Vulnerability | Log Correlation Engine | Web Clients | medium |
801221 | Mozilla Thunderbird < 1.0.2 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
801217 | Mozilla Firefox < 1.0.5 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801215 | Mozilla < 1.7.6 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801211 | Mozilla Browser <1.7.1 / Thunderbird < 0.7.1 SendUIDL POP3 Message Handling Remote Heap Overflow | Log Correlation Engine | Web Clients | medium |
800781 | Firefox < 1.0.7 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
800777 | Firefox < 1.0.6 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
800745 | Firefox < 1.0.3 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |