CVE-2004-0718

Name: CVE-2004-0718
Description: The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-775-1, DSA-777-1, DSA-810-1, DTSA-14-1, DTSA-7-1, DTSA-8-2
NVD severity: high (attack range: remote)
Debian/oldstable: not known to be vulnerable.
Debian/stable: not known to be vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not known to be vulnerable.

The information below is based on the following data on fixed versions.

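| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mozilla | source | (unstable) | 2:1.7.10-1 | medium | | |
| mozilla | source | etch | 2:1.7.8-1sarge2 | high | DTSA-14-1 | |
| mozilla | source | sarge | 2:1.7.8-1sarge2 | medium | DSA-810-1 | |
| mozilla-firefox | source | (unstable) | 1.0.6-1 | medium | | |
| mozilla-firefox | source | etch | 1.0.4-2sarge3 | medium | DTSA-8-2 | |
| mozilla-firefox | source | sarge | 1.0.4-2sarge1 | medium | DSA-775-1 | |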

Notes

This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent
upstream versions became vulnerable again (see
https://bugzilla.mozilla.org/show_bug.cgi?id=296850)
and were fixed again; the reversion was assigned CVE-2005-1937.
