CVE-2005-1937

NameCVE-2005-1937
DescriptionA regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-775-1, DSA-777-1, DSA-810-1, DTSA-14-1, DTSA-7-1, DTSA-8-2

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mozillasourcewoody(not affected)
mozillasourcesarge2:1.7.8-1sarge2mediumDSA-810-1
mozillasourceetch2:1.7.8-1sarge2DTSA-14-1
mozillasource(unstable)2:1.7.10-1medium
mozilla-firefoxsourcesarge1.0.4-2sarge1mediumDSA-775-1
mozilla-firefoxsourceetch1.0.4-2sarge3mediumDTSA-8-2
mozilla-firefoxsource(unstable)1.0.6-1medium

Notes

[woody] - mozilla <not-affected> (regression of a previous security fix)
Search for package or bug name: Reporting problems