CVE-2007-3089 Information

Description

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.

Reference

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lcamtuf.coredump.cx/ifsnatch/
http://osvdb.org/38024
http://secunia.com/advisories/25589
http://secunia.com/advisories/26072
http://secunia.com/advisories/26095
http://secunia.com/advisories/26103
http://secunia.com/advisories/26106
http://secunia.com/advisories/26107
http://secunia.com/advisories/26149
http://secunia.com/advisories/26151
http://secunia.com/advisories/26159
http://secunia.com/advisories/26179
http://secunia.com/advisories/26204
http://secunia.com/advisories/26205
http://secunia.com/advisories/26211
http://secunia.com/advisories/26216
http://secunia.com/advisories/26258
http://secunia.com/advisories/26271
http://secunia.com/advisories/26460
http://secunia.com/advisories/28135
http://securityreason.com/securityalert/2781
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
http://www.debian.org/security/2007/dsa-1337
http://www.debian.org/security/2007/dsa-1338
http://www.debian.org/security/2007/dsa-1339
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
http://www.kb.cert.org/vuls/id/143297
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://www.mozilla.org/security/announce/2007/mfsa2007-20.html
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0722.html
http://www.redhat.com/support/errata/RHSA-2007-0723.html
http://www.redhat.com/support/errata/RHSA-2007-0724.html
http://www.securityfocus.com/archive/1/470446/100/0/threaded
http://www.securityfocus.com/archive/1/474226/100/0/threaded
http://www.securityfocus.com/archive/1/474542/100/0/threaded
http://www.securityfocus.com/bid/24286
http://www.securitytracker.com/id?1018412
http://www.ubuntu.com/usn/usn-490-1
http://www.us-cert.gov/cas/techalerts/TA07-199A.html
http://www.vupen.com/english/advisories/2007/2564
http://www.vupen.com/english/advisories/2007/4256
https://bugzilla.mozilla.org/show_bug.cgi?id=381300
https://bugzilla.mozilla.org/show_bug.cgi?id=382686
https://exchange.xforce.ibmcloud.com/vulnerabilities/34701
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122