CVE - CVE-2007-3089

CVE-ID
CVE-2007-3089	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070604 Assorted browser vulnerabilities URL:http://www.securityfocus.com/archive/1/470446/100/0/threaded BUGTRAQ:20070720 rPSA-2007-0148-1 firefox thunderbird URL:http://www.securityfocus.com/archive/1/474226/100/0/threaded BUGTRAQ:20070724 FLEA-2007-0033-1: firefox thunderbird URL:http://www.securityfocus.com/archive/1/474542/100/0/threaded FULLDISC:20070604 Assorted browser vulnerabilities URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html MISC:http://lcamtuf.coredump.cx/ifsnatch/ MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=381300 MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=382686 CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=381300 CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=382686 CONFIRM:http://www.mozilla.org/security/announce/2007/mfsa2007-20.html CONFIRM:ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt CONFIRM:http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html DEBIAN:DSA-1337 URL:http://www.debian.org/security/2007/dsa-1337 DEBIAN:DSA-1338 URL:http://www.debian.org/security/2007/dsa-1338 DEBIAN:DSA-1339 URL:http://www.debian.org/security/2007/dsa-1339 GENTOO:GLSA-200708-09 URL:http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml HP:HPSBUX02153 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 HP:SSRT061181 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MANDRIVA:MDKSA-2007:152 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:152 REDHAT:RHSA-2007:0722 URL:http://www.redhat.com/support/errata/RHSA-2007-0722.html REDHAT:RHSA-2007:0723 URL:http://www.redhat.com/support/errata/RHSA-2007-0723.html REDHAT:RHSA-2007:0724 URL:http://www.redhat.com/support/errata/RHSA-2007-0724.html SGI:20070701-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc SUNALERT:103177 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1 SUNALERT:201516 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1 SUSE:SUSE-SA:2007:049 URL:http://www.novell.com/linux/security/advisories/2007_49_mozilla.html UBUNTU:USN-490-1 URL:http://www.ubuntu.com/usn/usn-490-1 CERT:TA07-199A URL:http://www.us-cert.gov/cas/techalerts/TA07-199A.html CERT-VN:VU#143297 URL:http://www.kb.cert.org/vuls/id/143297 BID:24286 URL:http://www.securityfocus.com/bid/24286 OSVDB:38024 URL:http://osvdb.org/38024 OVAL:oval:org.mitre.oval:def:11122 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122 VUPEN:ADV-2007-2564 URL:http://www.vupen.com/english/advisories/2007/2564 VUPEN:ADV-2007-4256 URL:http://www.vupen.com/english/advisories/2007/4256 SECTRACK:1018412 URL:http://www.securitytracker.com/id?1018412 SECUNIA:26095 URL:http://secunia.com/advisories/26095 SECUNIA:26103 URL:http://secunia.com/advisories/26103 SECUNIA:26106 URL:http://secunia.com/advisories/26106 SECUNIA:26107 URL:http://secunia.com/advisories/26107 SECUNIA:25589 URL:http://secunia.com/advisories/25589 SECUNIA:26179 URL:http://secunia.com/advisories/26179 SECUNIA:26149 URL:http://secunia.com/advisories/26149 SECUNIA:26151 URL:http://secunia.com/advisories/26151 SECUNIA:26072 URL:http://secunia.com/advisories/26072 SECUNIA:26211 URL:http://secunia.com/advisories/26211 SECUNIA:26216 URL:http://secunia.com/advisories/26216 SECUNIA:26204 URL:http://secunia.com/advisories/26204 SECUNIA:26205 URL:http://secunia.com/advisories/26205 SECUNIA:26159 URL:http://secunia.com/advisories/26159 SECUNIA:26271 URL:http://secunia.com/advisories/26271 SECUNIA:26258 URL:http://secunia.com/advisories/26258 SECUNIA:26460 URL:http://secunia.com/advisories/26460 SECUNIA:28135 URL:http://secunia.com/advisories/28135 SREASON:2781 URL:http://securityreason.com/securityalert/2781 XF:firefox-iframe-security-bypass(34701) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34701
Assigning CNA
N/A
Date Entry Created
20070606	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070606)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org