CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.8%
Mozilla-based browsers contain a cross-domain vulnerability, which may allow an attacker to access data in other sites.
Mozilla uses a same origin security model to maintain separation between browser frames from different sources. This model is designed to prevent code in one domain from accessing data in a different domain. From the same origin policy:
_Mozilla considers two pages to have the same origin if the protocol, port (if given), and host are the same for both pages. _
Mozilla fails to properly handle location.hostname
parameters that have embedded null characters, which can cause a cross-domain violation. Note that this only affects web sites that have specify the document.domain
setting for relaxed same origin protection. This vulnerability appears to affect all Mozilla-based browsers, including Firefox.
By convincing a victim to view an HTML document (web page), an attacker could modify data in another domain. For example, web page script in one domain could set a cookie for a web page in another domain.
Apply an update
This vulnerability is addressed in Firefox 2.0.0.2, Firefox 1.5.0.10, and SeaMonkey 1.0.8, as specified in MFSA 2007-07.
Disable the ability to set**location.hostname**
This vulnerability can be mitigated by disabling the ability for a web site to set the location.hostname
property. This can be accomplished by adding the following line to the user.js
file:
user_pref("capability.policy.default.Location.hostname.set", "noAccess");
Disable JavaScript
885753
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: February 15, 2007 Updated: February 15, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was publicly disclosed by Michal Zalewski.
This document was written by Will Dormann.
CVE IDs: | CVE-2007-0981 |
---|---|
Severity Metric: | 6.76 Date Public: |
msdn.microsoft.com/workshop/author/dhtml/reference/properties/domain.asp
secunia.com/advisories/24175/
secunia.com/advisories/24205/
secunia.com/advisories/24238/
secunia.com/advisories/24287/
secunia.com/advisories/24289/
secunia.com/advisories/24290/
secunia.com/advisories/24293/
secunia.com/advisories/24320/
secunia.com/advisories/24327/
secunia.com/advisories/24328/
secunia.com/advisories/24333/
secunia.com/advisories/24343/
secunia.com/advisories/24352/
secunia.com/advisories/24384/
secunia.com/advisories/24393/
secunia.com/advisories/24455/
secunia.com/advisories/24457/
securitytracker.com/alerts/2007/Feb/1017654.html
www.ciac.org/ciac/bulletins/r-164.shtml
www.mozilla.org/projects/security/components/same-origin.html
www.mozilla.org/security/announce/2007/mfsa2007-07.html
www.securityfocus.com/bid/22566
www.securityfocus.com/bid/22566
addons.mozilla.org/
bugzilla.mozilla.org/show_bug.cgi?id=370445