National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2004-0718 Detail

Description

The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

Source:  MITRE      Last Modified:  07/27/2004

Quick Info

CVE Dictionary Entry:
CVE-2004-0718
Original release date:
07/27/2004
Last revised:
10/10/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
7.5 HIGH
Vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
6.4
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt External Source SCO SCOSA-2005.49
http://bugzilla.mozilla.org/show_bug.cgi?id=246448 External Source CONFIRM http://bugzilla.mozilla.org/show_bug.cgi?id=246448
http://marc.info/?l=bugtraq&m=109900315219363&w=2 External Source FEDORA FLSA:2089
http://www.debian.org/security/2005/dsa-777 External Source DEBIAN DSA-777
http://www.debian.org/security/2005/dsa-810 External Source DEBIAN DSA-810
http://www.mandriva.com/security/advisories?name=MDKSA-2004:082 External Source MANDRAKE MDKSA-2004:082
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html External Source SUSE SUSE-SA:2004:036
http://www.redhat.com/support/errata/RHSA-2004-421.html External Source REDHAT RHSA-2004:421
http://www.securityfocus.com/bid/15495 External Source BID 15495
https://exchange.xforce.ibmcloud.com/vulnerabilities/1598 External Source XF http-frame-spoof(1598)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756 External Source OVAL oval:org.mitre.oval:def:4756
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997 External Source OVAL oval:org.mitre.oval:def:9997

References to Check Content

Identifier:
oval:org.mitre.oval:def:4756
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:4756
Identifier:
oval:org.mitre.oval:def:9997
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9997

Technical Details

Vulnerability Type (View All)

Change History 4 change records found - show changes