Vulnerability Name: CVE-2004-0719 (CCN-1598)
Assigned: 1998-12-23
Published: 1998-12-23
Updated: 2021-07-23
Summary: Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
  Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): None
  Scope: Scope (S): Unchanged
  Impact Metrics: Confidentiality (C): Low; Integrity (I): None; Availability (A): None

CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
  Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
  Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial

CVSS v2 Severity: 2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
  Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None
  Impact Metrics: Confidentiality (C): Partial; Integrity (I): None; Availability (A): None

Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information

References:
Source: CCN; Type: BugTraq Mailing List, Tue Nov 30 1999 - 11:53:44 CST; Default IE 5.0 security settings allow frame spoofing
Source: MITRE; Type: CNA; CVE-1999-0827
Source: MITRE; Type: CNA; CVE-1999-0869
Source: MITRE; Type: CNA; CVE-2004-0717
Source: MITRE; Type: CNA; CVE-2004-0718
Source: MITRE; Type: CNA; CVE-2004-0719
Source: MITRE; Type: CNA; CVE-2004-0720
Source: MITRE; Type: CNA; CVE-2004-0721
Source: MITRE; Type: CNA; CVE-2005-1937
Source: CCN; Type: Conectiva Linux Security Announcement CLSA-2004:864; Fix for multiple security vulnerabilities
Source: CCN; Type: Conectiva Linux Security Announcement CLSA-2004:877; New upstream for mozilla
Source: CCN; Type: Apple Security Update 2004-09-07; Component: Safari
Source: CCN; Type: Netscape Security Notes; The Frame-Spoofing Vulnerability
Source: CCN; Type: RHSA-2004-412; kdelibs
Source: CCN; Type: RHSA-2004-421; mozilla security update
Source: CCN; Type: RHSA-2005-586; firefox security update
Source: CCN; Type: RHSA-2005-587; mozilla security update
Source: CCN; Type: SA11966; Internet Explorer Frame Injection Vulnerability
Source: SECUNIA; Type: Patch, Vendor Advisory; 11966
Source: CCN; Type: SA11978; Multiple Browsers Frame Injection Vulnerability
Source: SECUNIA; Type: Vendor Advisory; 11978
Source: CCN; Type: SA15601; Mozilla / Mozilla Firefox Frame Injection Vulnerability
Source: MISC; Type: Vendor Advisory; http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
Source: CCN; Type: Slackware Security Advisories Fri, 3 Sep 2004 22:01:35 -0700 (PDT); [slackware-security] kde (SSA:2004-247-01)
Source: CCN; Type: Slackware Security Advisories Tue, 10 Aug 2004 14:17:12 -0700 (PDT); [slackware-security] Mozilla (SSA:2004-223-01)
Source: CCN; Type: Sun Alert ID: 57701; Multiple Security Vulnerabilities in Mozilla
Source: CCN; Type: CIAC Information Bulletin O-195; Mozilla Updated Security Packages
Source: CCN; Type: CIAC Information Bulletin O-212; Apple Security Update
Source: CCN; Type: CIAC Information Bulletin P-069; Sun - Multiple Mozilla Vulnerabilities
Source: CCN; Type: CIAC INFORMATION BULLETIN P-251; Mozilla Security Updates
Source: CCN; Type: CIAC INFORMATION BULLETIN P-252; Firefox Security Updates
Source: DEBIAN; Type: DSA-775; mozilla-firefox -- frame injection spoofing
Source: DEBIAN; Type: DSA-777; mozilla -- frame injection spoofing
Source: DEBIAN; Type: DSA-810; mozilla -- several vulnerabilities
Source: CCN; Type: KDE Security Advisory advisory-20040811-3; Konqueror Frame Injection Vulnerability
Source: CCN; Type: Microsoft Security Bulletin MS98-020; Patch Available for "Frame Spoof" Vulnerability
Source: CCN; Type: OSVDB ID: 59836; Opera Cross-domain Frame Injection Content Spoofing
Source: CCN; Type: OSVDB ID: 59837; Apple Safari Cross-domain Frame Injection Content Spoofing
Source: CCN; Type: OSVDB ID: 7296; Microsoft IE Cross-domain Frame Injection Content Spoofing
Source: CCN; Type: OSVDB ID: 7866; Microsoft IE Frame Spoofing Content Injection
Source: CCN; Type: OSVDB ID: 7874; Microsoft IE Cross Domain Sub-frame Navigation Content Spoofing
Source: CCN; Type: BID-10763; Opera Web Browser Cross-Domain Frame Loading Vulnerability
Source: CCN; Type: BID-10877; Mozilla Cross-Domain Frame Loading Vulnerability
Source: CCN; Type: BID-10921; KDE Konqueror Cross-Domain Frame Loading Vulnerability
Source: CCN; Type: BID-11140; Apple Safari Cross-Domain Frame Loading Vulnerability
Source: CCN; Type: BID-14242; Mozilla Suite, Firefox And Thunderbird Multiple Vulnerabilities
Source: CCN; Type: BID-15495; SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed
Source: CCN; Type: BID-855; Internet Explorer Subframe Spoofing Vulnerability
Source: CCN; Type: USN-149-1; Firefox vulnerabilities
Source: CCN; Type: USN-149-2; Fixed Firefox packages for USN-149-1
Source: CCN; Type: USN-149-3; Ubuntu 4.10 update for Firefox vulnerabilities
Source: CCN; Type: USN-155-1; Mozilla vulnerabilities
Source: CCN; Type: USN-155-2; Updated Epiphany packages to match Mozilla security update
Source: CCN; Type: USN-155-3; Fixed mozilla locale packages
Source: XF; Type: UNKNOWN; http-frame-spoof(1598)
Source: CCN; Type: Microsoft Knowledge Base Article 167614; Update Available For "Frame Spoof" Security Issue
Source: CCN; Type: SUSE-SA:2004:030; apache2: remote DoS condition
Source: CCN; Type: SUSE-SA:2004:031; cups: remote code execution
Source: CCN; Type: SUSE-SA:2004:032; apache2: remote denial-of-service
Source: CCN; Type: SUSE-SA:2004:033; gtk2 gdk-pixbuf: remote code execution
Source: CCN; Type: SUSE-SA:2004:034; XFree86-libs xshared: remote command execution
Source: CCN; Type: SUSE-SA:2004:035; samba: remote file disclosure
Source: CCN; Type: SUSE-SA:2004:036; mozilla: various vulnerabilities
Source: CCN; Type: SUSE-SA:2005:045; mozilla MozillaFirefox epiphany galeon: information leak

Vulnerable Configuration:

Configuration 1:
  cpe:/a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:* OR
  cpe:/a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:* OR
  cpe:/a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:* OR
  cpe:/a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:* OR
  cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* OR
  cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:* OR
  cpe:/a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:* OR
  cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:* OR
  cpe:/a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:* OR
  cpe:/a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*

Configuration CCN 1:
  cpe:/a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:* OR
  cpe:/a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:* OR
  cpe:/a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:* OR
  cpe:/a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:* OR
  cpe:/a:netscape:navigator:*:*:*:*:*:*:*:* OR
  cpe:/a:apple:safari:*:*:*:*:*:*:*:* OR
  cpe:/a:opera:opera_browser:7.51:*:*:*:*:*:*:* OR
  cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:* OR
  cpe:/a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:* OR
  cpe:/a:opera:opera_browser:7.50:*:*:*:*:*:*:*
AND
  cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:* OR
  cpe:/o:sun:sunos:5.9:*:*:*:*:*:*:* OR
  cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR
  cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:* OR
  cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:* OR
  cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR
  cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:* OR
  cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:* OR
  cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:* OR
  cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:* OR
  cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR
  cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:* OR
  cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR
  cpe:/o:conectiva:linux:10:*:*:*:*:*:*:* OR
  cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:* OR
  cpe:/o:kde:kde:3.2.3:*:*:*:*:*:*:* OR
  cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:* OR
  cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:* OR
  cpe:/o:suse:suse_linux:1.0:*:desktop:*:*:*:*:* OR
  cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR
  cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR
  cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:* OR
  cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:* OR
  cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* OR
  cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:* OR
  cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:* OR
  cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:* OR
  cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:* OR
  cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

microsoft internet explorer 5.0.1 sp4
microsoft internet explorer 5.5
microsoft internet explorer 5.0.1
microsoft internet explorer 5.0.1 sp1
microsoft internet explorer 6.0
microsoft ie 6.0 sp1
microsoft internet explorer 5.5 sp1
microsoft internet explorer 5.5 sp2
microsoft internet explorer 5.0.1 sp2
microsoft internet explorer 5.0.1 sp3
microsoft ie 3.0.1
microsoft ie 3.0.2
microsoft ie 4.0
microsoft ie 4.0.1
netscape navigator *
apple safari *
opera opera browser 7.51
mozilla firefox 1.0.3
mozilla mozilla suite 1.7.7
opera opera browser 7.50
sun solaris 8
sun solaris 9
gentoo linux *
suse suse linux 8.1
suse linux enterprise server 8
slackware slackware linux current
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
suse suse linux 8.2
redhat enterprise linux 2.1
conectiva linux 9.0
slackware slackware linux 9.1
suse suse linux 9.0
mandrakesoft mandrake linux 9.2
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
mandrakesoft mandrake linux 10.0
suse suse linux 9.1
redhat enterprise linux 3
conectiva linux 10
slackware slackware linux 10.0
kde kde 3.2.3
suse suse linux 9.2
mandrakesoft mandrake linux 10.1
suse suse linux 1.0
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
novell linux desktop 9
redhat enterprise linux 4
redhat enterprise linux 4
debian debian linux 3.1
redhat linux advanced workstation 2.1
suse linux enterprise server 9
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux corporate server 3.0
mandrakesoft mandrake linux 9.2
mandrakesoft mandrake linux 10.0
suse suse linux 9.3