FreeBSD : Mutiple browser frame injection vulnerability (641859e8-eca1-11d8-b913-000c41e2cdad)

high Nessus Plugin ID 56476
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote FreeBSD host is missing one or more security-related updates.


A class of bugs affecting many web browsers in the same way was discovered. A Secunia advisory reports :

The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.

Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g.
a trusted site.

A KDE Security Advisory reports :

A malicious website could abuse Konqueror to insert its own frames into the page of an otherwise trusted website. As a result the user may unknowingly send confidential information intended for the trusted website to the malicious website.

Secunia has provided a demonstration of the vulnerability at t/.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 56476

File Name: freebsd_pkg_641859e8eca111d8b913000c41e2cdad.nasl

Version: 1.7

Type: local

Published: 10/13/2011

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Medium

Score: 5.5


Risk Factor: High

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:kdebase, p-cpe:/a:freebsd:freebsd:kdelibs, p-cpe:/a:freebsd:freebsd:linux-mozilla, p-cpe:/a:freebsd:freebsd:linux-mozilla-devel, p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:mozilla, p-cpe:/a:freebsd:freebsd:mozilla-gtk1, p-cpe:/a:freebsd:freebsd:netscape7, p-cpe:/a:freebsd:freebsd:opera, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/12/2004

Vulnerability Publication Date: 8/11/2004

Reference Information

CVE: CVE-2004-0717, CVE-2004-0718, CVE-2004-0721

Secunia: 11978