CVE-2004-0718

NameCVE-2004-0718
DescriptionThe (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDSA-775-1, DSA-777-1, DSA-810-1, DTSA-14-1, DTSA-7-1, DTSA-8-2

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mozillasourcesarge2:1.7.8-1sarge2mediumDSA-810-1
mozillasourceetch2:1.7.8-1sarge2DTSA-14-1
mozillasource(unstable)2:1.7.10-1medium
mozilla-firefoxsourcesarge1.0.4-2sarge1mediumDSA-775-1
mozilla-firefoxsourceetch1.0.4-2sarge3mediumDTSA-8-2
mozilla-firefoxsource(unstable)1.0.6-1medium

Notes

This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent
upstream versions became vulnerable again, see
https://bugzilla.mozilla.org/show_bug.cgi?id=296850
and were fixed again, it got CVE-2005-1937 for the reversion
Search for package or bug name: Reporting problems