CVE-2005-2266

MEDIUM

Description

Firefox before 1.0.5 and Mozilla before 1.7.9 allow a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain. This violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.

References

http://secunia.com/advisories/15549

http://secunia.com/advisories/15551

http://secunia.com/advisories/15553

http://secunia.com/advisories/19823

http://www.debian.org/security/2005/dsa-810

http://www.mozilla.org/security/announce/mfsa2005-52.html

http://www.novell.com/linux/security/advisories/2005_18_sr.html

http://www.novell.com/linux/security/advisories/2005_45_mozilla.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.redhat.com/support/errata/RHSA-2005-586.html

http://www.redhat.com/support/errata/RHSA-2005-587.html

http://www.redhat.com/support/errata/RHSA-2005-601.html

http://www.securityfocus.com/bid/14242

http://www.vupen.com/english/advisories/2005/1075

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202

https://exchange.xforce.ibmcloud.com/vulnerabilities/21332

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100107

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10712

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1415

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A773

Details

Source: MITRE

Published: 2005-07-13

Updated: 2017-10-11

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
21952 | CentOS 4 : thunderbird (CESA-2005:601) | Nessus | CentOS Local Security Checks | high
21949 | CentOS 4 : firefox (CESA-2005:586) | Nessus | CentOS Local Security Checks | high
21844 | CentOS 3 / 4 : mozilla (CESA-2005:587) | Nessus | CentOS Local Security Checks | high
20556 | Ubuntu 4.10 / 5.04 : mozilla vulnerabilities (USN-155-1) | Nessus | Ubuntu Local Security Checks | high
20546 | Ubuntu 4.10 : mozilla-firefox vulnerabilities (USN-149-3) | Nessus | Ubuntu Local Security Checks | high
20544 | Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-149-1) | Nessus | Ubuntu Local Security Checks | high
20421 | MDKSA-2005:127-1 : mozilla-thunderbird | Nessus | Mandriva Local Security Checks | high
20420 | MDKSA-2005:120-1 : mozilla-firefox | Nessus | Mandriva Local Security Checks | high
19888 | Mandrake Linux Security Advisory : mozilla (MDKSA-2005:128) | Nessus | Mandriva Local Security Checks | high
19685 | Debian DSA-810-1 : mozilla - several vulnerabilities | Nessus | Debian Local Security Checks | high
19478 | Debian DSA-781-1 : mozilla-thunderbird - several vulnerabilities | Nessus | Debian Local Security Checks | high
19476 | Debian DSA-779-2 : mozilla-firefox - several vulnerabilities | Nessus | Debian Local Security Checks | high
19345 | FreeBSD : firefox & mozilla -- multiple vulnerabilities (5d72701a-f601-11d9-bcd1-02061b08fc24) | Nessus | FreeBSD Local Security Checks | high
19285 | RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:587) | Nessus | Red Hat Local Security Checks | high
19277 | RHEL 4 : thunderbird (RHSA-2005:601) | Nessus | Red Hat Local Security Checks | high
19269 | Mozilla Thunderbird < 1.0.6 Multiple Vulnerabilities | Nessus | Windows | high
19268 | RHEL 4 : firefox (RHSA-2005:586) | Nessus | Red Hat Local Security Checks | high
3099 | Mozilla Firefox < 1.0.6 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium
3067 | Mozilla Firefox < 1.7.10 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium
3066 | Mozilla Firefox < 1.0.5 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium
18813 | Mozilla Browser < 1.7.9 Multiple Vulnerabilities | Nessus | Windows | high
18689 | Firefox < 1.0.6 Multiple Vulnerabilities | Nessus | Windows | high
801257 | Mozilla Browser < 1.7.10 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
801217 | Mozilla Firefox < 1.0.5 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
800777 | Firefox < 1.0.6 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high