CVE-2005-2266

Name	CVE-2005-2266
Description	Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-779-1, DSA-779-2, DSA-781-1, DSA-810-1, DTSA-14-1, DTSA-8-2
Debian Bugs	318062, 318728

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
mozilla	source	sarge	2:1.7.8-1sarge2	medium	DSA-810-1
mozilla	source	etch	2:1.7.8-1sarge2		DTSA-14-1
mozilla	source	(unstable)	2:1.7.9-1	medium		318062
mozilla-firefox	source	sarge	1.0.4-2sarge3	medium	DSA-779-2
mozilla-firefox	source	etch	1.0.4-2sarge3	medium	DTSA-8-2
mozilla-firefox	source	(unstable)	1.0.5-1	medium
mozilla-thunderbird	source	sarge	1.0.2-2.sarge1.0.6	medium	DSA-781-1
mozilla-thunderbird	source	(unstable)	1.0.6-1	low		318728