NVD Vulnerability Detail

CVE-2007-3089

Summary	Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.
Publication Date	June 7, 2007, 6:30 a.m.
Registration Date	Jan. 29, 2021, 2:14 p.m.
Last Update	Oct. 17, 2018, 1:47 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:0.8:::::::*
cpe:2.3:a:mozilla:firefox:0.9:::::::*
cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
cpe:2.3:a:mozilla:firefox:0.10:::::::*
cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.0.8:::::::*
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*
cpe:2.3:a:mozilla:firefox:1.5.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5.8:::::::*
cpe:2.3:a:mozilla:firefox:2.0:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::*
cpe:2.3:a:mozilla:firefox::::::::		2.0.0.4

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt	CONFIRM
2	ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc	SGI
3	http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html	FULLDISC
4	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	HP
5	http://lcamtuf.coredump.cx/ifsnatch/	MISC
6	http://osvdb.org/38024	OSVDB
7	http://secunia.com/advisories/25589	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/26072	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/26095	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/26103	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/26106	SECUNIA	Vendor Advisory
12	http://secunia.com/advisories/26107	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/26149	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/26151	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/26159	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/26179	SECUNIA	Vendor Advisory
17	http://secunia.com/advisories/26204	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/26205	SECUNIA	Vendor Advisory
19	http://secunia.com/advisories/26211	SECUNIA	Vendor Advisory
20	http://secunia.com/advisories/26216	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/26258	SECUNIA	Vendor Advisory
22	http://secunia.com/advisories/26271	SECUNIA	Vendor Advisory
23	http://secunia.com/advisories/26460	SECUNIA	Vendor Advisory
24	http://secunia.com/advisories/28135	SECUNIA	Vendor Advisory
25	http://securityreason.com/securityalert/2781	SREASON
26	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1	SUNALERT
27	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1	SUNALERT
28	http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html	CONFIRM
29	http://www.debian.org/security/2007/dsa-1337	DEBIAN
30	http://www.debian.org/security/2007/dsa-1338	DEBIAN
31	http://www.debian.org/security/2007/dsa-1339	DEBIAN
32	http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml	GENTOO
33	http://www.kb.cert.org/vuls/id/143297	CERT-VN	US Government Resource
34	http://www.mandriva.com/security/advisories?name=MDKSA-2007:152	MANDRIVA
35	http://www.mozilla.org/security/announce/2007/mfsa2007-20.html	CONFIRM
36	http://www.novell.com/linux/security/advisories/2007_49_mozilla.html	SUSE
37	http://www.redhat.com/support/errata/RHSA-2007-0722.html	REDHAT	Vendor Advisory
38	http://www.redhat.com/support/errata/RHSA-2007-0723.html	REDHAT	Vendor Advisory
39	http://www.redhat.com/support/errata/RHSA-2007-0724.html	REDHAT	Vendor Advisory
40	http://www.securityfocus.com/archive/1/470446/100/0/threaded	BUGTRAQ
41	http://www.securityfocus.com/archive/1/474226/100/0/threaded	BUGTRAQ
42	http://www.securityfocus.com/archive/1/474542/100/0/threaded	BUGTRAQ
43	http://www.securityfocus.com/bid/24286	BID
44	http://www.securitytracker.com/id?1018412	SECTRACK
45	http://www.ubuntu.com/usn/usn-490-1	UBUNTU
46	http://www.us-cert.gov/cas/techalerts/TA07-199A.html	CERT	US Government Resource
47	http://www.vupen.com/english/advisories/2007/2564	VUPEN
48	http://www.vupen.com/english/advisories/2007/4256	VUPEN
49	https://bugzilla.mozilla.org/show_bug.cgi?id=381300	MISC
50	https://bugzilla.mozilla.org/show_bug.cgi?id=382686	CONFIRM
51	https://exchange.xforce.ibmcloud.com/vulnerabilities/34701	XF
52	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122	OVAL

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:0.8:::::::*
cpe:2.3:a:mozilla:firefox:0.9:::::::*
cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
cpe:2.3:a:mozilla:firefox:0.10:::::::*
cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.0.8:::::::*
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*
cpe:2.3:a:mozilla:firefox:1.5.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5.8:::::::*
cpe:2.3:a:mozilla:firefox:2.0:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::*
cpe:2.3:a:mozilla:firefox::::::::		2.0.0.4