CVE-2007-3089
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2007-3089
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mozilla Firefox about:blank IFRAME帧跨域访问漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mozilla Mozilla Firefox是美国Mozilla基金会开发的一款开源Web浏览器。 Firefox在处理文件加载时存在漏洞,远程攻击者在特定情况下可能利用此漏洞欺骗地址栏方便执行钓鱼攻击。 在加载页面阶段或about:blank帧的情况下,Firefox允许使用document.write替换IFRAME帧。如果用户从脚本打开了窗口,在加载页面期间就可能在短时间内欺骗新打开窗口帧的内容,执行网络钓鱼类的攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2007-3089
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2007-3089
请登录查看更多情报信息。
Vendor Advisories for CVE-2007-3089 (36)
- https://bugzilla.mozilla.org/show_bug.cgi?id=382686x_refsource_CONFIRM
- http://www.mozilla.org/security/announce/2007/mfsa2007-20.htmlx_refsource_CONFIRM
Mailing List Discussions for CVE-2007-3089 (1)
- http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.htmlmailing-listx_refsource_FULLDISC
Other References for CVE-2007-3089 (13)
- http://lcamtuf.coredump.cx/ifsnatch/x_refsource_MISC
- ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txtx_refsource_CONFIRM
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1vendor-advisoryx_refsource_SUNALERT
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1vendor-advisoryx_refsource_SUNALERT
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742vendor-advisoryx_refsource_HP
- ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.ascvendor-advisoryx_refsource_SGI
Same Patch Batch · n/a · 2007-06-06 · 58 CVEs total
| CVE-2007-3083 | Z-Blog 敏感信息泄露漏洞 | |
| CVE-2007-3093 | Sun Solaris Management Console Logging Mechanism 远程特权提升漏洞 | |
| CVE-2007-3095 | Symantec Reporting Server 身份认证绕过漏洞 | |
| CVE-2007-2919 | FlipViewer FlipViewerX.dll ActiveX控件多个栈溢出漏洞 | |
| CVE-2007-3094 | Sun Solaris Management Console Authentication Mechanism 远程特权提升漏洞 | |
| CVE-2007-3096 | PBLang (PBL) login.php 目录遍历漏洞 | |
| CVE-2007-3087 | Peercast密码泄露漏洞 | |
| CVE-2007-3086 | Agnitum Outpost Firewall Outpost_IPC_HDR 本地拒绝服务漏洞 | |
| CVE-2007-3085 | PBSite PHP多个远程文件包含漏洞 | |
| CVE-2007-3084 | Comdev Web Blogger sampleblogger.php PHP远程文件包含漏洞 | |
| CVE-2007-3088 | Comicsense index.php SQL注入漏洞 | |
| CVE-2007-3082 | SendCard SendCard.PHP 目录遍历漏洞 | |
| CVE-2007-3081 | Comdev eCommerce sampleecommerce.php PHP远程文件包含漏洞 | |
| CVE-2007-3080 | Hunkaray Okul Portaly Haberoku.ASP SQL注入漏洞 | |
| CVE-2007-3079 | EQdkp listmembers.php 远程攻击漏洞 | |
| CVE-2007-3078 | Aigaion HTML注入漏洞 | |
| CVE-2007-3077 | EQDKP Listmembers.PHP SQL注入漏洞 | |
| CVE-2007-3076 | Zenturi ProgramChecker sasatl.dll ActiveX控件下载任意文件漏洞 | |
| CVE-2007-3075 | Microsoft Internet Explorer 目录遍历漏洞 | |
| CVE-2007-3074 | Mozilla Firefox安装目录文件泄露漏洞 |
Showing top 20 of 58 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-9422
KLiK SocialMediaWebsite HTTP POST Request Parameter injectio - CVE-2026-9421
KLiK SocialMediaWebsite File upload.inc.php uniqid unrestric - CVE-2026-9420
KLiK SocialMediaWebsite HTTP GET Request Parameter injection - CVE-2026-9376
JPress UCenter Article Submission Endpoint doWriteSave impro - CVE-2026-9373
JeecgBoot OpenAPI Endpoint call improper authentication
V. Comments for CVE-2007-3089
No comments yet