MitreCVE-2007-3656CVE-2007-3656
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
99.0%
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | 1.5.4 | cpe:/a:mozilla:firefox:1.5.4::: |
| mozilla | firefox | 1.0.6 | cpe:/a:mozilla:firefox:1.0.6::: |
| mozilla | firefox | 1.5.0.5 | cpe:/a:mozilla:firefox:1.5.0.5::: |
| mozilla | firefox | 1.0.5 | cpe:/a:mozilla:firefox:1.0.5::: |
| mozilla | firefox | 1.5.0.1 | cpe:/a:mozilla:firefox:1.5.0.1::: |
| mozilla | firefox | 1.0.2 | cpe:/a:mozilla:firefox:1.0.2::: |
| mozilla | firefox | 1.0.7 | cpe:/a:mozilla:firefox:1.0.7::: |
| mozilla | firefox | 1.5 | cpe:/a:mozilla:firefox:1.5::: |
| mozilla | firefox | 1.5.0.3 | cpe:/a:mozilla:firefox:1.5.0.3::: |
| mozilla | firefox | 1.5.0.7 | cpe:/a:mozilla:firefox:1.5.0.7::: |
References
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
lcamtuf.coredump.cx/ffcache/
osvdb.org/38028
secunia.com/advisories/25589
secunia.com/advisories/25990
secunia.com/advisories/26072
secunia.com/advisories/26103
secunia.com/advisories/26107
secunia.com/advisories/26149
secunia.com/advisories/26151
secunia.com/advisories/26159
secunia.com/advisories/26179
secunia.com/advisories/26204
secunia.com/advisories/26205
secunia.com/advisories/26211
secunia.com/advisories/26216
secunia.com/advisories/26258
secunia.com/advisories/26271
secunia.com/advisories/26460
secunia.com/advisories/28135
securityreason.com/securityalert/2872
sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
www.debian.org/security/2007/dsa-1337
www.debian.org/security/2007/dsa-1338
www.debian.org/security/2007/dsa-1339
www.gentoo.org/security/en/glsa/glsa-200708-09.xml
www.mandriva.com/security/advisories?name=MDKSA-2007:152
www.mozilla.org/security/announce/2007/mfsa2007-24.html
www.novell.com/linux/security/advisories/2007_49_mozilla.html
www.redhat.com/support/errata/RHSA-2007-0722.html
www.redhat.com/support/errata/RHSA-2007-0724.html
www.securityfocus.com/archive/1/473191/100/0/threaded
www.securityfocus.com/archive/1/474226/100/0/threaded
www.securityfocus.com/archive/1/474542/100/0/threaded
www.securityfocus.com/bid/24831
www.securitytracker.com/id?1018411
www.ubuntu.com/usn/usn-490-1
www.vupen.com/english/advisories/2007/4256
bugzilla.mozilla.org/show_bug.cgi?id=387333
exchange.xforce.ibmcloud.com/vulnerabilities/35298
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9105
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
99.0%