Home > Vulnerability Database > CVE-2005-2266

Mend.io Vulnerability Database

CVE-2005-2266

Date: July 12, 2005

Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.

Severity Score

5.3

Related Resources (23)

Url: http://www.redhat.com/support/errata/RHSA-2005-587.html

Url: http://www.novell.com/linux/security/advisories/2005_18_sr.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1415

Url: http://www.debian.org/security/2005/dsa-810

Url: http://secunia.com/advisories/15549

Url: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202

Url: http://www.securityfocus.com/bid/14242

Url: http://www.redhat.com/support/errata/RHSA-2005-586.html

Url: http://secunia.com/advisories/19823

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/21332

Url: http://secunia.com/advisories/15551

Url: http://www.novell.com/linux/security/advisories/2005_45_mozilla.html

Url: http://secunia.com/advisories/15553

Url: http://www.novell.com/linux/security/advisories/2006_04_25.html

Url: http://www.vupen.com/english/advisories/2005/1075

Url: http://www.redhat.com/support/errata/RHSA-2005-601.html

Url: http://www.mozilla.org/security/announce/mfsa2005-52.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A773

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100107

Url: https://nvd.nist.gov/vuln/detail/CVE-2005-2266

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2005-2266

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10712

Url: https://www.mend.io/vulnerability-database/CVE-2005-2266

Severity Score

5.3

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2005-2266

Date: July 12, 2005

Severity Score

Related Resources (23)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?