Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2005-2266
Last Modified 07 Mar 2011 09:24:00
Published 13 Jul 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2266

Summary

Firefox before 1.0.5 and Mozilla before 1.7.9 allow a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.

Vulnerable Systems

Application

  • Mozilla 1.3

  • Mozilla 1.4

  • Mozilla 1.4.1

  • Mozilla 1.5

  • Mozilla 1.5.1

  • Mozilla 1.6

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla 1.7.3

  • Mozilla 1.7.5

  • Mozilla 1.7.6

  • Mozilla 1.7.7

  • Mozilla 1.7.8

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4


References

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-52.html

VUPEN - ADV-2005-1075

SUSE - SUSE-SA:2006:004

SECUNIA - 15549

FEDORA - FLSA:160202

XF - mozilla-frame-topfocus-xss(21332)

BID - 14242

REDHAT - RHSA-2005:601

REDHAT - RHSA-2005:587

REDHAT - RHSA-2005:586

SUSE - SUSE-SA:2006:022

SUSE - SUSE-SA:2005:045

SUSE - SUSE-SR:2005:018

DEBIAN - DSA-810

SECUNIA - 19823

SECUNIA - 15553

SECUNIA - 15551


Last Updated: 27 May 2016 10:40:28