Executive Summary
Summary | |
---|---|
Title | New Mozilla packages fix frame injection spoofing vulnerability |
Information | |||
---|---|---|---|
Name | DSA-777 | First vendor Publication | 2005-08-17 |
Vendor | Debian | Last vendor Modification | 2005-08-17 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A vulnerability has been discovered in Mozilla and Mozilla Firefox that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site. Thunderbird is not affected by this and Galeon will be automatically fixed as it uses Mozilla components.

For the stable distribution (sarge) this problem has been fixed in version 1.7.8-1sarge1.

For the unstable distribution (sid) this problem has been fixed in version 1.7.10-1.

We recommend that you upgrade your Mozilla package.
Original Source
Url : http://www.debian.org/security/2005/dsa-777 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:100007 | |||
Oval ID: | oval:org.mitre.oval:def:100007 | ||
Title: | Firefox and Mozilla Framed Site Spoofing Vulnerability | ||
Description: | A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2005-1937 | Version: | 6 |
Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
Definition Id: oval:org.mitre.oval:def:4756 | |||
Oval ID: | oval:org.mitre.oval:def:4756 | ||
Title: | Mozilla, Firebird, Firefox Frame Injection Vulnerability | ||
Description: | The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0718 | Version: | 1 |
Platform(s): | Sun Solaris 8 | Product(s): | mozilla |
Definition Id: oval:org.mitre.oval:def:637 | |||
Oval ID: | oval:org.mitre.oval:def:637 | ||
Title: | RHE3 Firefox and Mozilla Framed Site Spoofing Vulnerability | ||
Description: | A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1937 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | mozilla |
Definition Id: oval:org.mitre.oval:def:759 | |||
Oval ID: | oval:org.mitre.oval:def:759 | ||
Title: | RHE4 Firefox and Mozilla Framed Site Spoofing Vulnerability | ||
Description: | A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1937 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 | Product(s): | mozilla |
Definition Id: oval:org.mitre.oval:def:9997 | |||
Oval ID: | oval:org.mitre.oval:def:9997 | ||
Title: | The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | ||
Description: | The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0718 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
Application | | 1 |
Application | | 2 |
Application | | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5016546.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-14 (mozilla) File : nvt/glsa_200507_14.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-24 (mozilla) File : nvt/glsa_200507_24.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox18.nasl |
2008-09-04 | Name : FreeBSD Ports: kdelibs File : nvt/freebsd_kdelibs1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 775-1 (mozilla) File : nvt/deb_775_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 777-1 (mozilla) File : nvt/deb_777_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 810-1 (mozilla) File : nvt/deb_810_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-223-01 Mozilla File : nvt/esoft_slk_ssa_2004_223_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
59835 | Netscape Cross-domain Frame Injection Content Spoofing |
59834 | Mozilla Multiple Browser Cross-domain Frame Injection Content Spoofing |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-10-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_641859e8eca111d8b913000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-586.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-587.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-155-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-149-3.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-149-1.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-128.nasl - Type : ACT_GATHER_INFO |
2005-09-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-810.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-775.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-777.nasl - Type : ACT_GATHER_INFO |
2005-08-01 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_5d72701af60111d9bcd102061b08fc24.nasl - Type : ACT_GATHER_INFO |
2005-07-22 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-616.nasl - Type : ACT_GATHER_INFO |
2005-07-22 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-619.nasl - Type : ACT_GATHER_INFO |
2005-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-587.nasl - Type : ACT_GATHER_INFO |
2005-07-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-605.nasl - Type : ACT_GATHER_INFO |
2005-07-21 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-586.nasl - Type : ACT_GATHER_INFO |
2005-07-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-603.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_105.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : A web browser installed on the remote host contains multiple vulnerabilities. File : mozilla_179.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-223-01.nasl - Type : ACT_GATHER_INFO |
2004-08-22 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-082.nasl - Type : ACT_GATHER_INFO |
2004-08-12 | Name : The remote device is missing a vendor-supplied security patch File : freebsd_kdelibs_3233.nasl - Type : ACT_GATHER_INFO |
2004-08-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-421.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:34:14 |