Mozilla Firefox < 1.7.1 Cross-Domain Frame Loading Vulnerability (deprecated)

Medium Nessus Network Monitor Plugin ID 1772

Synopsis

The remote host is using a vulnerable version of Mozilla.

Description

The remote host is using a version of Mozilla that is vulnerable to cross-domain frame loading. It may allow an attacker to spoof the interface of a trusted web site. To exploit this vulnerability a victim will need to visit a web site operated by an attacker.

Solution

Upgrade to version 1.7.1 or higher.

Plugin Details

Severity: Medium

ID: 1772

Family: Web Clients

Published: 2004/08/20

Modified: 2016/02/05

Dependencies: 1735, 8314

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS3#AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Reference Information

CVE: CVE-2005-1160, CVE-2004-0597, CVE-2004-0599, CVE-2004-0722, CVE-2004-0757, CVE-2004-0758, CVE-2004-0759, CVE-2004-0760, CVE-2004-0761, CVE-2004-0762, CVE-2004-0763, CVE-2004-0764, CVE-2005-0399, CVE-2005-0989, CVE-2005-1153, CVE-2005-1154, CVE-2005-1155, CVE-2005-1156, CVE-2005-1157, CVE-2005-1159, CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, CVE-2005-1532, CVE-2005-2701, CVE-2005-2702, CVE-2005-2703, CVE-2005-2704, CVE-2005-2705, CVE-2005-2706, CVE-2005-2707, CVE-2005-2968, CVE-2004-0765, CVE-2004-0721, CVE-2004-0718

BID: 10877, 13233, 15495