Mozilla Firefox < 1.7.1 Cross-Domain Frame Loading Vulnerability (deprecated)

high Nessus Network Monitor Plugin ID 1772

Synopsis

The remote host is using a vulnerable version of Mozilla.

Description

The remote host is using a version of Mozilla that is vulnerable to cross-domain frame loading. It may allow an attacker to spoof the interface of a trusted web site. To exploit this vulnerability a victim will need to visit a web site operated by an attacker.

Solution

Upgrade to version 1.7.1 or higher.

Plugin Details

Severity: High

ID: 1772

Family: Web Clients

Published: 8/20/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.2

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Reference Information

CVE: CVE-2004-0597, CVE-2004-0599, CVE-2004-0718, CVE-2004-0721, CVE-2004-0722, CVE-2004-0757, CVE-2004-0758, CVE-2004-0759, CVE-2004-0760, CVE-2004-0761, CVE-2004-0762, CVE-2004-0763, CVE-2004-0764, CVE-2004-0765, CVE-2005-0399, CVE-2005-0989, CVE-2005-1153, CVE-2005-1154, CVE-2005-1155, CVE-2005-1156, CVE-2005-1157, CVE-2005-1159, CVE-2005-1160, CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, CVE-2005-1532, CVE-2005-2701, CVE-2005-2702, CVE-2005-2703, CVE-2005-2704, CVE-2005-2705, CVE-2005-2706, CVE-2005-2707, CVE-2005-2968

BID: 10877, 13233, 15495