Unrated severity · NVD Advisory · Published Jun 6, 2007 · Updated Jun 16, 2026
CVE-2007-3089
Description
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.
Affected products (45)
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* range: <=2.0.0.4
- cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
- (no CPE) range: <2.0.0.5
- osv-coords (3 versions): pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed, pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed, pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
- (no CPE) range: < 128.5.1-1.1
- (no CPE) range: < 92.0-1.2
- (no CPE) range: < 91.1.1-1.1
References (52)
- secunia.com/advisories/25589 (nvd, Vendor Advisory)
- secunia.com/advisories/26072 (nvd, Vendor Advisory)
- secunia.com/advisories/26095 (nvd, Vendor Advisory)
- secunia.com/advisories/26103 (nvd, Vendor Advisory)
- secunia.com/advisories/26106 (nvd, Vendor Advisory)
- secunia.com/advisories/26107 (nvd, Vendor Advisory)
- secunia.com/advisories/26149 (nvd, Vendor Advisory)
- secunia.com/advisories/26151 (nvd, Vendor Advisory)
- secunia.com/advisories/26159 (nvd, Vendor Advisory)
- secunia.com/advisories/26179 (nvd, Vendor Advisory)
- secunia.com/advisories/26204 (nvd, Vendor Advisory)
- secunia.com/advisories/26205 (nvd, Vendor Advisory)
- secunia.com/advisories/26211 (nvd, Vendor Advisory)
- secunia.com/advisories/26216 (nvd, Vendor Advisory)
- secunia.com/advisories/26258 (nvd, Vendor Advisory)
- secunia.com/advisories/26271 (nvd, Vendor Advisory)
- secunia.com/advisories/26460 (nvd, Vendor Advisory)
- secunia.com/advisories/28135 (nvd, Vendor Advisory)
- www.redhat.com/support/errata/RHSA-2007-0722.html (nvd, Vendor Advisory)
- www.redhat.com/support/errata/RHSA-2007-0723.html (nvd, Vendor Advisory)
- www.redhat.com/support/errata/RHSA-2007-0724.html (nvd, Vendor Advisory)
- www.kb.cert.org/vuls/id/143297 (nvd, US Government Resource)
- www.us-cert.gov/cas/techalerts/TA07-199A.html (nvd, US Government Resource)
- ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt (nvd)
- patches.sgi.com/support/free/security/advisories/20070701-01-P.asc (nvd)
- archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html (nvd)
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp (nvd)
- lcamtuf.coredump.cx/ifsnatch/ (nvd)
- osvdb.org/38024 (nvd)
- securityreason.com/securityalert/2781 (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html (nvd)
- www.debian.org/security/2007/dsa-1337 (nvd)
- www.debian.org/security/2007/dsa-1338 (nvd)
- www.debian.org/security/2007/dsa-1339 (nvd)
- www.gentoo.org/security/en/glsa/glsa-200708-09.xml (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mozilla.org/security/announce/2007/mfsa2007-20.html (nvd)
- www.novell.com/linux/security/advisories/2007_49_mozilla.html (nvd)
- www.securityfocus.com/archive/1/470446/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/474226/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/474542/100/0/threaded (nvd)
- www.securityfocus.com/bid/24286 (nvd)
- www.securitytracker.com/id (nvd)
- www.ubuntu.com/usn/usn-490-1 (nvd)
- www.vupen.com/english/advisories/2007/2564 (nvd)
- www.vupen.com/english/advisories/2007/4256 (nvd)
- bugzilla.mozilla.org/show_bug.cgi (nvd)
- bugzilla.mozilla.org/show_bug.cgi (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/34701 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122 (nvd)