CVE-2005-2266

NameCVE-2005-2266
DescriptionFirefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-779-1, DSA-779-2, DSA-781-1, DSA-810-1, DTSA-14-1, DTSA-8-2
Debian Bugs318062, 318728

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mozillasourcesarge2:1.7.8-1sarge2mediumDSA-810-1
mozillasourceetch2:1.7.8-1sarge2DTSA-14-1
mozillasource(unstable)2:1.7.9-1medium318062
mozilla-firefoxsourcesarge1.0.4-2sarge3mediumDSA-779-2
mozilla-firefoxsourceetch1.0.4-2sarge3mediumDTSA-8-2
mozilla-firefoxsource(unstable)1.0.5-1medium
mozilla-thunderbirdsourcesarge1.0.2-2.sarge1.0.6mediumDSA-781-1
mozilla-thunderbirdsource(unstable)1.0.6-1low318728

Search for package or bug name: Reporting problems