Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2007-3089

Опубликовано: 06 июн. 2007
Источник: ubuntu
Приоритет: untriaged
CVSS2: 4.3

Описание

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.

РелизСтатусПримечание
dapper

released

1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
devel

not-affected

edgy

released

2.0.0.6+0dfsg-0ubuntu0.6.10
feisty

released

2.0.0.6+1-0ubuntu1
upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

1.1.4-1ubuntu2
edgy

DNE

feisty

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

0.1.6b-0ubuntu2
edgy

DNE

feisty

DNE

upstream

needs-triage

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2007-3089

redhat
около 18 лет назад

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.

nvd логотип

CVE-2007-3089

nvd
около 18 лет назад

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.

debian логотип

CVE-2007-3089

debian
около 18 лет назад

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...

github логотип

GHSA-w739-3fq5-fgvp

github
около 3 лет назад

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.

oracle-oval логотип

ELSA-2007-0724

oracle-oval
почти 18 лет назад

ELSA-2007-0724: Critical: firefox security update (CRITICAL)

4.3 Medium

CVSS2