Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2007-3089
Description:Mozilla Firefox before does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.
Test IDs:  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2007-3089
BugTraq ID: 24286
Bugtraq: 20070604 Assorted browser vulnerabilities (Google Search)
Bugtraq: 20070720 rPSA-2007-0148-1 firefox thunderbird (Google Search)
Bugtraq: 20070724 FLEA-2007-0033-1: firefox thunderbird (Google Search)
Cert/CC Advisory: TA07-199A
CERT/CC vulnerability note: VU#143297
Debian Security Information: DSA-1337 (Google Search)
Debian Security Information: DSA-1338 (Google Search)
Debian Security Information: DSA-1339 (Google Search)
HPdes Security Advisory: HPSBUX02153
HPdes Security Advisory: SSRT061181
RedHat Security Advisories: RHSA-2007:0722
RedHat Security Advisories: RHSA-2007:0723
RedHat Security Advisories: RHSA-2007:0724
SGI Security Advisory: 20070701-01-P
SuSE Security Announcement: SUSE-SA:2007:049 (Google Search)
XForce ISS Database: firefox-iframe-security-bypass(34701)

© 1998-2021 E-Soft Inc. All rights reserved.