FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-2266

This CVE name corresponds to:

Entered Topic
2005-07-16 firefox & mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-2266
Phase Assigned(20050713)

Description

Firefox before 1.0.5 and Mozilla before 1.7.9 allow a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.

References

Source Reference
CONFIRM http://www.mozilla.org/security/announce/mfsa2005-52.html
DEBIAN DSA-810
FEDORA FLSA:160202
REDHAT RHSA-2005:586
REDHAT RHSA-2005:587
REDHAT RHSA-2005:601
SUSE SUSE-SA:2006:022
SUSE SUSE-SA:2005:045
SUSE SUSE-SR:2005:018
SUSE SUSE-SA:2006:004
BID 14242
OVAL oval:org.mitre.oval:def:10712
VUPEN ADV-2005-1075
OVAL oval:org.mitre.oval:def:100107
OVAL oval:org.mitre.oval:def:1415
OVAL oval:org.mitre.oval:def:773
SECUNIA 15549
SECUNIA 15551
SECUNIA 15553
SECUNIA 19823
XF mozilla-frame-topfocus-xss(21332)