CVE-2004-0718 | Vulnerability Database | Aqua Security

The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

Affected Software

Name	Vendor	Start Version	End Version
Firebird	Firebirdsql	0.7 (including)	0.7 (including)
Mozilla	Mozilla	1.6 (including)	1.6 (including)
Navigator	Netscape	7.1 (including)	7.1 (including)
Red Hat Enterprise Linux 2.1	RedHat	galeon	*
Red Hat Enterprise Linux 3	RedHat	mozilla	*
Firefox	Ubuntu	dapper	*
Firefox	Ubuntu	devel	*
Firefox	Ubuntu	edgy	*
Firefox	Ubuntu	feisty	*
Firefox-granparadiso	Ubuntu	devel	*
Lightning-sunbird	Ubuntu	devel	*
Midbrowser	Ubuntu	devel	*

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://bugzilla.mozilla.org/show_bug.cgi?id=246448
http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2
http://secunia.com/advisories/11978
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
http://www.debian.org/security/2005/dsa-777
http://www.debian.org/security/2005/dsa-810
http://www.mandriva.com/security/advisories?name=MDKSA-2004:082
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2004-421.html
http://www.securityfocus.com/bid/15495
https://exchange.xforce.ibmcloud.com/vulnerabilities/1598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://bugzilla.mozilla.org/show_bug.cgi?id=246448
http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2
http://secunia.com/advisories/11978
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
http://www.debian.org/security/2005/dsa-777
http://www.debian.org/security/2005/dsa-810
http://www.mandriva.com/security/advisories?name=MDKSA-2004:082
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2004-421.html
http://www.securityfocus.com/bid/15495
https://exchange.xforce.ibmcloud.com/vulnerabilities/1598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0718
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html