Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla firefox/mozilla 信息泄露漏洞
Vulnerability Description
firefox及Mozilla都是web浏览器软件。 Firefox 1.0.5之前版本、mozilla 1.7.9之前版本中存在信息泄露漏洞。 由于允许子框架调用主框架top.focus及其他方法,即便主框架与子框架是不同的域,这违背了同源策略,使得远程攻击者可利用此漏洞,窃取诸如cookie、密码之类的敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A