Oval Definition:oval:org.mitre.oval:def:10712
Revision Date:2013-04-29Version:11
Title:Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.
Description:Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2005-2266
Platform(s):CentOS Linux 3
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
  • RHEL3 or CentOS3
  • The operating system installed on the system is Red Hat Enterprise Linux 3
  • OR CentOS Linux 3.x
  • AND Configuration section
  • mozilla-js-debugger is earlier than 37:1.7.10-1.1.3.1
  • OR mozilla is earlier than 37:1.7.10-1.1.3.1
  • OR mozilla-chat is earlier than 37:1.7.10-1.1.3.1
  • OR mozilla-mail is earlier than 37:1.7.10-1.1.3.1
  • OR mozilla-dom-inspector is earlier than 37:1.7.10-1.1.3.1
  • OR mozilla-devel is earlier than 37:1.7.10-1.1.3.1
  • OR mozilla-nss is earlier than 37:1.7.10-1.1.3.1
  • OR mozilla-nss-devel is earlier than 37:1.7.10-1.1.3.1
  • OR mozilla-nspr is earlier than 37:1.7.10-1.1.3.1
  • OR mozilla-nspr-devel is earlier than 37:1.7.10-1.1.3.1
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • mozilla-js-debugger is earlier than 37:1.7.10-1.4.1
  • OR devhelp-devel is earlier than 0:0.9.2-2.4.6
  • OR mozilla is earlier than 37:1.7.10-1.4.1
  • OR thunderbird is earlier than 0:1.0.6-1.4.1
  • OR mozilla-chat is earlier than 37:1.7.10-1.4.1
  • OR mozilla-mail is earlier than 37:1.7.10-1.4.1
  • OR mozilla-dom-inspector is earlier than 37:1.7.10-1.4.1
  • OR devhelp is earlier than 0:0.9.2-2.4.6
  • OR mozilla-nss is earlier than 37:1.7.10-1.4.1
  • OR mozilla-devel is earlier than 37:1.7.10-1.4.1
  • OR mozilla-nss-devel is earlier than 37:1.7.10-1.4.1
  • OR firefox is earlier than 0:1.0.6-1.4.1
  • OR mozilla-nspr is earlier than 37:1.7.10-1.4.1
  • OR mozilla-nspr-devel is earlier than 37:1.7.10-1.4.1
    • BACK