Executive Summary
Summary | |
---|---|
Title | Mozilla Firefox allows cross-domain iframe access via JavaScript |
Information | |||
---|---|---|---|
Name | VU#143297 | First vendor Publication | 2007-06-08 |
Vendor | VU-CERT | Last vendor Modification | 2007-06-14 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#143297
Mozilla Firefox allows cross-domain iframe access via JavaScript
Overview
Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content.
I. Description
An iframe is an HTML element which allows an HTML document to be embedded inside a master HTML document.
The Mozilla same origin policy says:
"Mozilla considers two pages to have the same origin if the protocol, port (if given), and host are the same for both pages."
Firefox does not properly enforce the same origin policy to web pages that use IFrames. From Mozilla Bugzilla Bug ID 382686:
"Unfortunately, the check implemented means that about:blank frames can be overwritten freely; and unfortunately, *all* frames, even with Internet SRC= specified, will be vulnerable to a race condition while the document loads."
Note that some websites that allow users to supply content may allow iframes to be included.
II. Impact
An attacker may be able to obtain sensitive data from a user, modify the appearance of a webpage or track keystrokes. Depending on the nature of the web site the user was visiting, this data may include passwords, credit card numbers, and any arbitrary information provided by the user.
III. Solution
We are currently unaware of a practical solution to this problem.
Workarounds for administrators
Systems Affected
References
This vulnerability was reported by Michal Zalewski on the Full-Disclosure mailing list. This document was written by Ryan Giobbi.
Original Source
Url : http://www.kb.cert.org/vuls/id/143297 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11122 | |||
Oval ID: | oval:org.mitre.oval:def:11122 | ||
Title: | Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568. | ||
Description: | Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3089 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5011293.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDKSA-2007:152 (mozilla-firefox) File : nvt/gb_mandriva_MDKSA_2007_152.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-490-1 File : nvt/gb_ubuntu_USN_490_1.nasl |
2009-02-27 | Name : Fedora Update for blam FEDORA-2007-1157 File : nvt/gb_fedora_2007_1157_blam_fc7.nasl |
2009-02-27 | Name : Fedora Update for firefox FEDORA-2007-642 File : nvt/gb_fedora_2007_642_firefox_fc6.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2007-641 File : nvt/gb_fedora_2007_641_thunderbird_fc6.nasl |
2009-02-27 | Name : Fedora Update for seamonkey FEDORA-2007-1181 File : nvt/gb_fedora_2007_1181_seamonkey_fc7.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2007-1180 File : nvt/gb_fedora_2007_1180_thunderbird_fc7.nasl |
2009-02-27 | Name : Fedora Update for epiphany-extensions FEDORA-2007-1155 File : nvt/gb_fedora_2007_1155_epiphany-extensions_fc7.nasl |
2009-02-27 | Name : Fedora Update for yelp FEDORA-2007-1144 File : nvt/gb_fedora_2007_1144_yelp_fc7.nasl |
2009-02-27 | Name : Fedora Update for devhelp FEDORA-2007-1143 File : nvt/gb_fedora_2007_1143_devhelp_fc7.nasl |
2009-02-27 | Name : Fedora Update for firefox FEDORA-2007-1142 File : nvt/gb_fedora_2007_1142_firefox_fc7.nasl |
2009-02-27 | Name : Fedora Update for epiphany FEDORA-2007-1138 File : nvt/gb_fedora_2007_1138_epiphany_fc7.nasl |
2009-01-28 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,Seamonkey SUSE-SA:2007:049 File : nvt/gb_suse_2007_049.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200708-09 (mozilla/thunderbird/firefox/xulrunner) File : nvt/glsa_200708_09.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox29.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1337-1 (xulrunner) File : nvt/deb_1337_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1339-1 (iceape) File : nvt/deb_1339_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1338-1 (iceweasel) File : nvt/deb_1338_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
38024 | Mozilla Firefox document.write IFRAME Replacement XSS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0724.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-0723.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0722.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070718_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070718_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20070718_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-3932.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-490-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1143.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1144.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1155.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1157.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1180.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1181.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1142.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-1138.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-3933.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-3935.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-3973.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-3984.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-3986.nasl - Type : ACT_GATHER_INFO |
2007-08-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200708-09.nasl - Type : ACT_GATHER_INFO |
2007-08-02 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-152.nasl - Type : ACT_GATHER_INFO |
2007-07-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1339.nasl - Type : ACT_GATHER_INFO |
2007-07-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1338.nasl - Type : ACT_GATHER_INFO |
2007-07-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1337.nasl - Type : ACT_GATHER_INFO |
2007-07-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0722.nasl - Type : ACT_GATHER_INFO |
2007-07-23 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0723.nasl - Type : ACT_GATHER_INFO |
2007-07-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0724.nasl - Type : ACT_GATHER_INFO |
2007-07-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0722.nasl - Type : ACT_GATHER_INFO |
2007-07-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e190ca65363611dca697000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
2007-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-642.nasl - Type : ACT_GATHER_INFO |
2007-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-641.nasl - Type : ACT_GATHER_INFO |
2007-07-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0724.nasl - Type : ACT_GATHER_INFO |
2007-07-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-0723.nasl - Type : ACT_GATHER_INFO |
2007-07-19 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_2005.nasl - Type : ACT_GATHER_INFO |