Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0718

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0718
Last Modified 21 Aug 2010 12:21:08
Published 27 Jul 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0718

Summary

The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

Vulnerable Systems

Application

  • Firebirdsql Firebird 0.7

  • Mozilla 1.6

  • Netscape Navigator 7.1


References

XF - http-frame-spoof(1598)

REDHAT - RHSA-2004:421

SUSE - SUSE-SA:2004:036

MISC - http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/

SECUNIA - 11978

FEDORA - FLSA:2089

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=246448

BID - 15495

MANDRAKE - MDKSA-2004:082

DEBIAN - DSA-810

DEBIAN - DSA-777

SCO - SCOSA-2005.49


Last Updated: 27 May 2016 10:38:43