CVE Vulnerability

CVE-2007-3089

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html
http://lcamtuf.coredump.cx/ifsnatch/
http://www.securityfocus.com/bid/24286
http://www.mozilla.org/security/announce/2007/mfsa2007-20.html
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
http://www.debian.org/security/2007/dsa-1337
http://www.debian.org/security/2007/dsa-1338
http://www.debian.org/security/2007/dsa-1339
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://www.redhat.com/support/errata/RHSA-2007-0722.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0723.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0724.html Vendor Advisory
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
http://www.ubuntu.com/usn/usn-490-1
http://www.us-cert.gov/cas/techalerts/TA07-199A.html US Government Resource
http://www.kb.cert.org/vuls/id/143297 US Government Resource
http://www.securitytracker.com/id?1018412
http://secunia.com/advisories/26095 Vendor Advisory
http://secunia.com/advisories/26103 Vendor Advisory
http://secunia.com/advisories/26106 Vendor Advisory
http://secunia.com/advisories/26107 Vendor Advisory
http://secunia.com/advisories/25589 Vendor Advisory
http://secunia.com/advisories/26179 Vendor Advisory
http://secunia.com/advisories/26149 Vendor Advisory
http://secunia.com/advisories/26151 Vendor Advisory
http://secunia.com/advisories/26072 Vendor Advisory
http://secunia.com/advisories/26211 Vendor Advisory
http://secunia.com/advisories/26216 Vendor Advisory
http://secunia.com/advisories/26204 Vendor Advisory
http://secunia.com/advisories/26205 Vendor Advisory
http://secunia.com/advisories/26159 Vendor Advisory
http://secunia.com/advisories/26271 Vendor Advisory
http://secunia.com/advisories/26258 Vendor Advisory
http://secunia.com/advisories/26460 Vendor Advisory
http://securityreason.com/securityalert/2781
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://secunia.com/advisories/28135 Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
https://bugzilla.mozilla.org/show_bug.cgi?id=382686
http://www.vupen.com/english/advisories/2007/2564
http://www.vupen.com/english/advisories/2007/4256
https://bugzilla.mozilla.org/show_bug.cgi?id=381300
http://osvdb.org/38024
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
https://exchange.xforce.ibmcloud.com/vulnerabilities/34701
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122
http://www.securityfocus.com/archive/1/474542/100/0/threaded
http://www.securityfocus.com/archive/1/474226/100/0/threaded
http://www.securityfocus.com/archive/1/470446/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
Information

Published : 2007-06-06 09:30

Updated : 2018-10-16 04:47

NVD link : CVE-2007-3089

Mitre link : CVE-2007-3089

Products Affected
No products.
CWE
NVD-CWE-Other