CVE-2007-3089 (retired)

Priority
Description
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to
replace an IFRAME (1) during the load stage or (2) in the case of an
about:blank frame, which allows remote attackers to display arbitrary HTML
or execute certain JavaScript code, as demonstrated by code that intercepts
keystroke values from window.event, aka the "promiscuous IFRAME access
bug," a related issue to CVE-2006-4568.
Notes
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-10-09 07:07:12 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)