Vulnerability Description
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 1.0.3 |
| Mozilla | Mozilla | 1.7.7 |
References
- http://secunia.com/advisories/15601
- http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101952-1
- http://www.debian.org/security/2005/dsa-777
- http://www.debian.org/security/2005/dsa-810
- http://www.mozilla.org/security/announce/mfsa2005-51.html
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
- http://www.redhat.com/support/errata/RHSA-2005-586.html
- http://www.redhat.com/support/errata/RHSA-2005-587.html
- http://www.securityfocus.com/bid/14242
- http://www.vupen.com/english/advisories/2005/1075
- https://bugzilla.mozilla.org/show_bug.cgi?id=296850
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2005-1937?
CVE-2005-1937 is a vulnerability with a CVSS score of 2.6 (LOW). A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerabi...
How severe is CVE-2005-1937?
CVE-2005-1937 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1937?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla.