CVE-2007-3089

critical

Description

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122

https://exchange.xforce.ibmcloud.com/vulnerabilities/34701

https://bugzilla.mozilla.org/show_bug.cgi?id=382686

https://bugzilla.mozilla.org/show_bug.cgi?id=381300

http://www.vupen.com/english/advisories/2007/4256

http://www.vupen.com/english/advisories/2007/2564

http://www.us-cert.gov/cas/techalerts/TA07-199A.html

http://www.ubuntu.com/usn/usn-490-1

http://www.securitytracker.com/id?1018412

http://www.securityfocus.com/bid/24286

http://www.securityfocus.com/archive/1/474542/100/0/threaded

http://www.securityfocus.com/archive/1/474226/100/0/threaded

http://www.securityfocus.com/archive/1/470446/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2007-0724.html

http://www.redhat.com/support/errata/RHSA-2007-0723.html

http://www.redhat.com/support/errata/RHSA-2007-0722.html

http://www.novell.com/linux/security/advisories/2007_49_mozilla.html

http://www.mozilla.org/security/announce/2007/mfsa2007-20.html

http://www.mandriva.com/security/advisories?name=MDKSA-2007:152

http://www.kb.cert.org/vuls/id/143297

http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml

http://www.debian.org/security/2007/dsa-1339

http://www.debian.org/security/2007/dsa-1338

http://www.debian.org/security/2007/dsa-1337

http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1

http://securityreason.com/securityalert/2781

http://secunia.com/advisories/28135

http://secunia.com/advisories/26460

http://secunia.com/advisories/26271

http://secunia.com/advisories/26258

http://secunia.com/advisories/26216

http://secunia.com/advisories/26211

http://secunia.com/advisories/26205

http://secunia.com/advisories/26204

http://secunia.com/advisories/26179

http://secunia.com/advisories/26159

http://secunia.com/advisories/26151

http://secunia.com/advisories/26149

http://secunia.com/advisories/26107

http://secunia.com/advisories/26106

http://secunia.com/advisories/26103

http://secunia.com/advisories/26095

http://secunia.com/advisories/26072

http://secunia.com/advisories/25589

http://osvdb.org/38024

http://lcamtuf.coredump.cx/ifsnatch/

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html

Details

Source: Mitre, NVD

Published: 2007-06-06

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical