CVE-2005-2266 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2005-2266 Interim 1 4 2023-12-09T02:21:49Z current 2021-05-30T12:33:02Z 2023-12-09T02:21:49Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2005-2266 Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUERY4MPJFOOKSHHL2QNDSEJ25ODVHEI/#TUERY4MPJFOOKSHHL2QNDSEJ25ODVHEI E-Mail link for SUSE-SA:2005:045 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/X3YEJBX7PCPEXDVVJSDPHPYP2KMMKMZW/#X3YEJBX7PCPEXDVVJSDPHPYP2KMMKMZW E-Mail link for SUSE-SA:2006:022 https://www.suse.com/support/security/rating/ SUSE Security Ratings Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents. CVE-2005-2266 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N