|Description||The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.|
|Source||CVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)|
|References||DSA-775-1, DSA-777-1, DSA-810-1, DTSA-14-1, DTSA-7-1, DTSA-8-2|
|NVD severity||high (attack range: remote)|
The information below is based on the following data on fixed versions.
This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent
upstream versions became vulnerable again, see
and were fixed again, it got CVE-2005-1937 for the reversion