Lucene search

RedhatCVE-2005-2266

HistoryJul 13, 2005 - 4:00 a.m.

CVE-2005-2266

2005-07-1304:00:00

redhat

web.nvd.nist.gov

firefox

mozilla

cve-2005-2266

same origin policy

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.013

Percentile

86.0%

JSON

Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.

Affected configurations

Nvd

Node

mozillafirefoxMatch0.8

mozillafirefoxMatch0.9

mozillafirefoxMatch0.9rc

mozillafirefoxMatch0.9.1

mozillafirefoxMatch0.9.2

mozillafirefoxMatch0.9.3

mozillafirefoxMatch0.10

mozillafirefoxMatch0.10.1

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillamozillaMatch1.3

mozillamozillaMatch1.4

mozillamozillaMatch1.4alpha

mozillamozillaMatch1.4.1

mozillamozillaMatch1.5

mozillamozillaMatch1.5alpha

mozillamozillaMatch1.5rc1

mozillamozillaMatch1.5rc2

mozillamozillaMatch1.5.1

mozillamozillaMatch1.6

mozillamozillaMatch1.6alpha

mozillamozillaMatch1.6beta

mozillamozillaMatch1.7

mozillamozillaMatch1.7alpha

mozillamozillaMatch1.7beta

mozillamozillaMatch1.7rc1

mozillamozillaMatch1.7rc2

mozillamozillaMatch1.7rc3

mozillamozillaMatch1.7.1

mozillamozillaMatch1.7.2

mozillamozillaMatch1.7.3

mozillamozillaMatch1.7.5

mozillamozillaMatch1.7.6

mozillamozillaMatch1.7.7

mozillamozillaMatch1.7.8

VendorProductVersionCPE
mozillafirefox0.8cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
mozillafirefox0.9cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
mozillafirefox0.9cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
mozillafirefox0.9.1cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
mozillafirefox0.9.2cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
mozillafirefox0.9.3cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
mozillafirefox0.10cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
mozillafirefox0.10.1cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
mozillafirefox1.0cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
mozillafirefox1.0.1cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	0.8	cpe:2.3:a:mozilla:firefox:0.8:::::::*
mozilla	firefox	0.9	cpe:2.3:a:mozilla:firefox:0.9:::::::*
mozilla	firefox	0.9	cpe:2.3:a:mozilla:firefox:0.9:rc::::::
mozilla	firefox	0.9.1	cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
mozilla	firefox	0.9.2	cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
mozilla	firefox	0.9.3	cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
mozilla	firefox	0.10	cpe:2.3:a:mozilla:firefox:0.10:::::::*
mozilla	firefox	0.10.1	cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
mozilla	firefox	1.0	cpe:2.3:a:mozilla:firefox:1.0:::::::*
mozilla	firefox	1.0.1	cpe:2.3:a:mozilla:firefox:1.0.1:::::::*