Launchpad CVE tracker

CVE 2005-2266

Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.

Related bugs and status

CVE-2005-2266 (Candidate) is related to these bugs:

Bug #15339: mozilla-thunderbird: FTBFS (gcc-4.0/amd64/ppc64): array type has incomplete element type

Summary				In	Importance	Status
	15339	mozilla-thunderbird: FTBFS (gcc-4.0/amd64/ppc64): array type has incomplete element type		mozilla-thunderbird (Ubuntu)	High	Fix Released
	15339	mozilla-thunderbird: FTBFS (gcc-4.0/amd64/ppc64): array type has incomplete element type		mozilla-thunderbird (Debian)	Unknown	Fix Released

Bug #19078: Multiple vulnerabilities in Thunderbird 1.0.2

Summary				In	Importance	Status
	19078	Multiple vulnerabilities in Thunderbird 1.0.2		mozilla-thunderbird (Ubuntu)	Medium	Fix Released

Bug #20324: mozilla-thunderbird: Multiple security problems (fixed in sarge/sid, not-fixed in etch)

Summary				In	Importance	Status
	20324	mozilla-thunderbird: Multiple security problems (fixed in sarge/sid, not-fixed in etch)		mozilla-thunderbird (Ubuntu)	High	Fix Released
	20324	mozilla-thunderbird: Multiple security problems (fixed in sarge/sid, not-fixed in etch)		mozilla-thunderbird (Debian)	Unknown	Fix Released

Bug #20648: Various security bugs unfixed in debian stable

Summary				In	Importance	Status
	20648	Various security bugs unfixed in debian stable		mozilla (Ubuntu)	High	Invalid
	20648	Various security bugs unfixed in debian stable		mozilla (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2005-2266

References