CVE-2005-1937

Name: CVE-2005-1937
Description: A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-775-1, DSA-777-1, DSA-810-1, DTSA-14-1, DTSA-7-1, DTSA-8-2
NVD severity: low (attack range: remote, user-initiated)
Debian/oldstable: not known to be vulnerable.
Debian/stable: not known to be vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not known to be vulnerable.

The information below is based on the following data on fixed versions.

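| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mozilla | source | (unstable) | 2:1.7.10-1 | medium | | |
| mozilla | source | etch | 2:1.7.8-1sarge2 | low | DTSA-14-1 | |
| mozilla | source | sarge | 2:1.7.8-1sarge2 | medium | DSA-810-1 | |
| mozilla | source | woody | (not affected) | | | |
| mozilla-firefox | source | (unstable) | 1.0.6-1 | medium | | |
| mozilla-firefox | source | etch | 1.0.4-2sarge3 | medium | DTSA-8-2 | |
| mozilla-firefox | source | sarge | 1.0.4-2sarge1 | medium | DSA-775-1 | |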

Notes

[woody] - mozilla <not-affected> (regression of a previous security fix)
