CVE-2005-2266 Information

Description

Firefox before 1.0.5 and Mozilla before 1.7.9 allow a child frame to call top.focus and other methods in a parent frame even when the parent is in a different domain. This violates the same origin policy and allows remote attackers to steal sensitive information, such as cookies and passwords, from web sites whose child frames do not verify that they are in the same domain as their parents.

Reference

http://secunia.com/advisories/15549
http://secunia.com/advisories/15551
http://secunia.com/advisories/15553
http://secunia.com/advisories/19823
http://www.debian.org/security/2005/dsa-810
http://www.mozilla.org/security/announce/mfsa2005-52.html
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.redhat.com/support/errata/RHSA-2005-586.html
http://www.redhat.com/support/errata/RHSA-2005-587.html
http://www.redhat.com/support/errata/RHSA-2005-601.html
http://www.securityfocus.com/bid/14242
http://www.vupen.com/english/advisories/2005/1075
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
https://exchange.xforce.ibmcloud.com/vulnerabilities/21332
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100107
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10712
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1415
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A773
