CVE-2005-2266

Name: CVE-2005-2266
Description: Firefox before 1.0.5 and Mozilla before 1.7.9 allow a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-779-1, DSA-779-2, DSA-781-1, DSA-810-1, DTSA-14-1, DTSA-8-2
NVD severity: medium (attack range: remote)
Debian Bugs: 318062, 318728
Debian/oldstable: not known to be vulnerable.
Debian/stable: not known to be vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not known to be vulnerable.

The information above is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mozilla | source | (unstable) | 2:1.7.9-1 | medium | | 318062 |
| mozilla | source | etch | 2:1.7.8-1sarge2 | medium | DTSA-14-1 | |
| mozilla | source | sarge | 2:1.7.8-1sarge2 | medium | DSA-810-1 | |
| mozilla-firefox | source | (unstable) | 1.0.5-1 | medium | | |
| mozilla-firefox | source | etch | 1.0.4-2sarge3 | medium | DTSA-8-2 | |
| mozilla-firefox | source | sarge | 1.0.4-2sarge3 | medium | DSA-779-2 | |
| mozilla-thunderbird | source | (unstable) | 1.0.6-1 | low | | 318728 |
| mozilla-thunderbird | source | sarge | 1.0.2-2.sarge1.0.6 | medium | DSA-781-1 | |
