Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N
Vendors Products
Mozilla
  • Mozilla
  • Firefox

Configuration 1 [-]

OR cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*
References
Link Resource
http://secunia.com/advisories/15489 Exploit Patch Vendor Advisory
http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/ Exploit
http://www.debian.org/security/2005/dsa-810
http://www.mozilla.org/security/announce/mfsa2005-54.html Patch Vendor Advisory
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.novell.com/linux/security/advisories/2005_45_mozilla.html
http://www.redhat.com/support/errata/RHSA-2005-586.html
http://www.redhat.com/support/errata/RHSA-2005-587.html
http://www.securityfocus.com/bid/14242
http://www.vupen.com/english/advisories/2005/1075
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10517
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1268
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1313
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2005-07-13T04:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2005-07-13T00:00:00

Link: CVE-2005-2268

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2005-07-13T04:00:00.000

Modified: 2017-10-11T01:30:15.187

Link: CVE-2005-2268

JSON object: View

cve-icon Redhat Information

No data.

CWE