FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-3089

This CVE name corresponds to:

Entered Topic
2007-07-19 mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-3089
Phase Assigned (20070606)

Description

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.

References

Source Reference
BUGTRAQ 20070604 Assorted browser vulnerabilities
BUGTRAQ 20070720 rPSA-2007-0148-1 firefox thunderbird
BUGTRAQ 20070724 FLEA-2007-0033-1: firefox thunderbird
FULLDISC 20070604 Assorted browser vulnerabilities
MISC http://lcamtuf.coredump.cx/ifsnatch/
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=381300
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=382686
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=381300
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=382686
CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-20.html
CONFIRM ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
CONFIRM http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
DEBIAN DSA-1337
DEBIAN DSA-1338
DEBIAN DSA-1339
GENTOO GLSA-200708-09
HP HPSBUX02153
HP SSRT061181
MANDRIVA MDKSA-2007:152
REDHAT RHSA-2007:0722
REDHAT RHSA-2007:0723
REDHAT RHSA-2007:0724
SGI 20070701-01-P
SUNALERT 103177
SUNALERT 201516
SUSE SUSE-SA:2007:049
UBUNTU USN-490-1
CERT TA07-199A
CERT-VN VU#143297
BID 24286
OSVDB 38024
OVAL oval:org.mitre.oval:def:11122
VUPEN ADV-2007-2564
VUPEN ADV-2007-4256
SECTRACK 1018412
SECUNIA 26095
SECUNIA 26103
SECUNIA 26106
SECUNIA 26107
SECUNIA 25589
SECUNIA 26179
SECUNIA 26149
SECUNIA 26151
SECUNIA 26072
SECUNIA 26211
SECUNIA 26216
SECUNIA 26204
SECUNIA 26205
SECUNIA 26159
SECUNIA 26271
SECUNIA 26258
SECUNIA 26460
SECUNIA 28135
SREASON 2781
XF firefox-iframe-security-bypass(34701)