New Search

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame which allows remote attackers to display arbitrary HTML or execute certain JavaScript code as demonstrated by code that intercepts keystroke values from window.event aka the "promiscuous IFRAME access bug" a related issue to CVE-2006-4568.

oval:org.mitre.oval:def:11122

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame which allows remote attackers to display arbitrary HTML or execute certain JavaScript code as demonstrated by code that intercepts keystroke values from window.event aka the "promiscuous IFRAME access bug" a related issue to CVE-2006-4568.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Oracle Linux 4
  • CentOS Linux 3
  • Red Hat Enterprise Linux 3
  • Red Hat Enterprise Linux 4
  • CentOS Linux 5
  • CentOS Linux 4
  • Red Hat Enterprise Linux 5
  • Oracle Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2007-3089
Product(s):