Vulnerability Report

CVE-2004-0718

Title: Mozilla/Firebird/Firefox/Netscape frame injection web site spoofing

Spoofing

Proof Of Concept

No public PoC currently indexed for CVE-2004-0718.

CWE Category NVD-CWE-noinfo
Published Date Jul 27, 2004
Modified Date Apr 03, 2025
Exploit Status Not Found
Score 7.5 CVSS v2.0
Exploit Probability (EPSS)
1.91%

Vulnerability Summary

CVE-2004-0718: The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

Impacted Vendors

F
firebird 1
C
cloudera 1
N
netscape 1
M
mozilla 1
F
firebirdsql 1

Reference Links

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://bugzilla.mozilla.org/show_bug.cgi?id=246448 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://secunia.com/advisories/11978 http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ http://www.debian.org/security/2005/dsa-777 http://www.debian.org/security/2005/dsa-810 http://www.mandriva.com/security/advisories?name=MDKSA-2004:082 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html http://www.redhat.com/support/errata/RHSA-2004-421.html http://www.securityfocus.com/bid/15495 https://exchange.xforce.ibmcloud.com/vulnerabilities/1598 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://bugzilla.mozilla.org/show_bug.cgi?id=246448 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://secunia.com/advisories/11978 http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ http://www.debian.org/security/2005/dsa-777 http://www.debian.org/security/2005/dsa-810 http://www.mandriva.com/security/advisories?name=MDKSA-2004:082 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html http://www.redhat.com/support/errata/RHSA-2004-421.html http://www.securityfocus.com/bid/15495 https://exchange.xforce.ibmcloud.com/vulnerabilities/1598 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997
CVSS v2.0
Source Entity [email protected]
Severity HIGH
7.5
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2004-0718 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.