Lucene search
Mozilla FoundationMFSA2007-20HistoryJul 17, 2007 - 12:00 a.m.
Frame spoofing while window is loading — Mozilla
2007-07-1700:00:00
Mozilla Foundation
www.mozilla.org
10
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.933 High
EPSS
Percentile
99.0%
Ronen Zilberman and Michal Zalewski both reported that it was possible to exploit a timing issue to inject content into about:blank frames in a page. When opening a window from a script, it is possible to spoof the content of the newly opened window’s frames within a short time frame, while the window is loading.
Related
cert
cert
Mozilla Firefox allows cross-domain iframe access via JavaScript
2007-06-08 00:00:00
veracode
veracode
Arbitrary Code Injection
2020-04-10 00:17:15
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2007-20
2007-07-19 00:00:00
Mozilla Firefox, Thunderbird, Seamonkey multiple securityvulnerabilities
2007-07-19 00:00:00
seebug
seebug
Firefox about:blank IFRME帧跨域访问漏洞
2007-07-20 00:00:00
prion
prion
Cross site scripting
2007-08-08 01:17:00
Code injection
2007-06-06 21:30:00
cve
cve
CVE-2007-3844
2007-08-08 01:17:00
CVE-2007-3089
2007-06-06 21:30:00
ubuntucve
ubuntucve
CVE-2007-3844
2007-08-08 00:00:00
CVE-2007-3089
2007-06-06 00:00:00
nessus
nessus
FreeBSD : mozilla -- multiple vulnerabilities (e190ca65-3636-11dc-a697-000c6ec775d9)
2007-07-23 00:00:00
Oracle Linux 4 : thunderbird (ELSA-2007-0723)
2013-07-12 00:00:00
CentOS 4 / 5 : thunderbird (CESA-2007:0723)
2007-07-23 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2007-07-17 00:00:00
openvas
openvas
FreeBSD Ports: firefox
2008-09-04 00:00:00
FreeBSD Ports: firefox
2008-09-04 00:00:00
Fedora Update for thunderbird FEDORA-2007-1180
2009-02-27 00:00:00
redhat
redhat
(RHSA-2007:0723) Moderate: thunderbird security update
2007-07-18 00:00:00
(RHSA-2007:0722) Critical: seamonkey security update
2007-07-18 00:00:00
(RHSA-2007:0724) Critical: firefox security update
2007-07-18 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: thunderbird-1.5.0.12-2.fc6
2007-07-20 16:21:25
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.5-1.fc7
2007-07-20 19:32:33
[SECURITY] Fedora 7 Update: epiphany-extensions-2.18.3-2
2007-07-19 16:45:42
oraclelinux
oraclelinux
Moderate: thunderbird security update
2007-07-19 00:00:00
Critical: seamonkey security update
2007-07-19 00:00:00
Critical: firefox security update
2007-07-19 00:00:00
centos
centos
thunderbird security update
2007-07-19 19:16:54
seamonkey security update
2007-07-20 05:54:56
firefox security update
2007-07-19 13:36:22
osv
osv
debian
debian
[SECURITY] [DSA 1338-1] New iceweasel packages fix several vulnerabilities
2007-07-23 00:00:00
[SECURITY] [DSA 1339-1] New iceape packages fix several vulnerabilities
2007-07-24 00:00:00
[SECURITY] [DSA 1337-1] New xulrunner packages fix several vulnerabilities
2007-07-22 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2007-07-20 00:00:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2007-08-14 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2007-08-02 16:31:06
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.933 High
EPSS
Percentile
99.0%
Related for MFSA2007-20