Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ie | Microsoft | 6.0-sp1 (including) | 6.0-sp1 (including) |
| Internet_explorer | Microsoft | 5.0.1 (including) | 5.0.1 (including) |
| Internet_explorer | Microsoft | 5.0.1-sp1 (including) | 5.0.1-sp1 (including) |
| Internet_explorer | Microsoft | 5.0.1-sp2 (including) | 5.0.1-sp2 (including) |
| Internet_explorer | Microsoft | 5.0.1-sp3 (including) | 5.0.1-sp3 (including) |
| Internet_explorer | Microsoft | 5.0.1-sp4 (including) | 5.0.1-sp4 (including) |
| Internet_explorer | Microsoft | 5.5 (including) | 5.5 (including) |
| Internet_explorer | Microsoft | 5.5-sp1 (including) | 5.5-sp1 (including) |
| Internet_explorer | Microsoft | 5.5-sp2 (including) | 5.5-sp2 (including) |
| Internet_explorer | Microsoft | 6.0 (including) | 6.0 (including) |
References
- http://secunia.com/advisories/11966
- http://secunia.com/advisories/11978
- http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/1598
- http://secunia.com/advisories/11966
- http://secunia.com/advisories/11978
- http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/1598