Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2004-0718

The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

Related bugs and status

CVE-2004-0718 (Candidate) is related to these bugs:

Bug #20648: Various security bugs unfixed in debian stable

Summary				In	Importance	Status
	20648	Various security bugs unfixed in debian stable		mozilla (Ubuntu)	High	Invalid
	20648	Various security bugs unfixed in debian stable		mozilla (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/mul...
CONFIRM: http://bugzilla.mozill...
DEBIAN: DSA-777
REDHAT: RHSA-2004:421
SUSE: SUSE-SA:2004:036
SECUNIA: 11978
DEBIAN: DSA-810
SCO: SCOSA-2005.49
BID: 15495
MANDRAKE: MDKSA-2004:082
FEDORA: FLSA:2089
XF: http-frame-spoof(1598)
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...