Intrusion Prevention

Mozilla.Firefox.Seamonkey.Security.Model.Bypass

Description

Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allow remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.

Affected Products

Mozilla Firefox before 1.5.0.7
Mozilla SeaMonkey before 1.0.5

Impact

System compromise.

Recommended Actions

The vendor has issued a fixed version.

CVE References

CVE-2006-4568