CVE-2007-3089
7 High
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.933 High
EPSS
Percentile
99.0%
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the “promiscuous IFRAME access bug,” a related issue to CVE-2006-4568.
References
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
lcamtuf.coredump.cx/ifsnatch/
osvdb.org/38024
secunia.com/advisories/25589
secunia.com/advisories/26072
secunia.com/advisories/26095
secunia.com/advisories/26103
secunia.com/advisories/26106
secunia.com/advisories/26107
secunia.com/advisories/26149
secunia.com/advisories/26151
secunia.com/advisories/26159
secunia.com/advisories/26179
secunia.com/advisories/26204
secunia.com/advisories/26205
secunia.com/advisories/26211
secunia.com/advisories/26216
secunia.com/advisories/26258
secunia.com/advisories/26271
secunia.com/advisories/26460
secunia.com/advisories/28135
securityreason.com/securityalert/2781
sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
www.debian.org/security/2007/dsa-1337
www.debian.org/security/2007/dsa-1338
www.debian.org/security/2007/dsa-1339
www.gentoo.org/security/en/glsa/glsa-200708-09.xml
www.kb.cert.org/vuls/id/143297
www.mandriva.com/security/advisories?name=MDKSA-2007:152
www.mozilla.org/security/announce/2007/mfsa2007-20.html
www.novell.com/linux/security/advisories/2007_49_mozilla.html
www.redhat.com/support/errata/RHSA-2007-0722.html
www.redhat.com/support/errata/RHSA-2007-0723.html
www.redhat.com/support/errata/RHSA-2007-0724.html
www.securityfocus.com/archive/1/470446/100/0/threaded
www.securityfocus.com/archive/1/474226/100/0/threaded
www.securityfocus.com/archive/1/474542/100/0/threaded
www.securityfocus.com/bid/24286
www.securitytracker.com/id?1018412
www.ubuntu.com/usn/usn-490-1
www.us-cert.gov/cas/techalerts/TA07-199A.html
www.vupen.com/english/advisories/2007/2564
www.vupen.com/english/advisories/2007/4256
bugzilla.mozilla.org/show_bug.cgi?id=381300
bugzilla.mozilla.org/show_bug.cgi?id=382686
exchange.xforce.ibmcloud.com/vulnerabilities/34701
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122
Related
7 High
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.933 High
EPSS
Percentile
99.0%