CVE-2004-0718
published 2004-07-27CVE-2004-0718: The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content…
PriorityP423high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.75%
75.0th percentile
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| firebirdsql | firebird | — | — |
| mozilla | firefox | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| netscape | navigator | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2005-06-06·CVSS 7.5
CVE-2005-1937 [HIGH] security flaw
security flaw
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
Red Hat
security flaw
vendor_redhat·2004-07-01·CVSS 7.5
CVE-2004-0718 [HIGH] security flaw
security flaw
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
GHSA
GHSA-7wc5-rw74-x5q6: The (1) Mozilla 1
ghsa_unreviewed·2022-05-03
CVE-2004-0718 [HIGH] GHSA-7wc5-rw74-x5q6: The (1) Mozilla 1
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
GHSA
GHSA-ffxc-32xj-v3rp: A regression error in Firefox 1
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-1937 [HIGH] GHSA-ffxc-32xj-v3rp: A regression error in Firefox 1
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
No detection rules found.
Bugzilla
CVE-2005-1937 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2005-1937 [HIGH] CVE-2005-1937 security flaw
CVE-2005-1937 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
Bugzilla
CVE-2004-0718 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2004-0718 [HIGH] CVE-2004-0718 security flaw
CVE-2004-0718 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txthttp://bugzilla.mozilla.org/show_bug.cgi?id=246448http://marc.info/?l=bugtraq&m=109900315219363&w=2http://secunia.com/advisories/11978http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/http://www.debian.org/security/2005/dsa-777http://www.debian.org/security/2005/dsa-810http://www.mandriva.com/security/advisories?name=MDKSA-2004:082http://www.novell.com/linux/security/advisories/2004_36_mozilla.htmlhttp://www.redhat.com/support/errata/RHSA-2004-421.htmlhttp://www.securityfocus.com/bid/15495https://exchange.xforce.ibmcloud.com/vulnerabilities/1598https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txthttp://bugzilla.mozilla.org/show_bug.cgi?id=246448http://marc.info/?l=bugtraq&m=109900315219363&w=2http://secunia.com/advisories/11978http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/http://www.debian.org/security/2005/dsa-777http://www.debian.org/security/2005/dsa-810http://www.mandriva.com/security/advisories?name=MDKSA-2004:082http://www.novell.com/linux/security/advisories/2004_36_mozilla.htmlhttp://www.redhat.com/support/errata/RHSA-2004-421.htmlhttp://www.securityfocus.com/bid/15495https://exchange.xforce.ibmcloud.com/vulnerabilities/1598https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997
2004-07-27
Published