Lucene search
Mozilla FoundationMFSA2007-34HistoryOct 18, 2007 - 12:00 a.m.
Possible file stealing through sftp protocol — Mozilla
2007-10-1800:00:00
Mozilla Foundation
www.mozilla.org
17
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.055
Percentile
93.4%
On Linux machines with gnome-vfs support the smb: and sftp: URI schemes are available in Firefox. Georgi Guninski showed that if an attacker can store the attack page in a mutually accessible location on the target server (/tmp perhaps) and lure the victim into loading it, the attacker could potentially read any file owned by the victim from known locations on that server.
Affected configurations
Node
mozillafirefoxRange<2.0.0.8
ORmozillaseamonkeyRange<1.1.5
Related
cvelist
cvelist
CVE-2007-5337
2007-10-21 20:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2007-34
2007-10-23 00:00:00
Mozilla Firefox /Thunderbird / Seamonkey multiple security vulnerabilities
2007-10-23 00:00:00
prion
prion
Authentication flaw
2007-10-21 20:17:00
nvd
nvd
CVE-2007-5337
2007-10-21 20:17:00
cve
cve
CVE-2007-5337
2007-10-21 20:17:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:20:22
ubuntucve
ubuntucve
CVE-2007-5337
2007-10-21 00:00:00
seebug
seebug
Mozilla Firefox 2.0.0.7多个远程安全漏洞
2007-10-23 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200711-14 (firefox seamonkey xulrunner)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200711-14 (firefox seamonkey xulrunner)
2008-09-24 00:00:00
Debian Security Advisory DSA 1396-1 (icedove)
2008-01-17 00:00:00
gentoo
gentoo
Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities
2007-11-12 00:00:00
nessus
nessus
Fedora 8 : seamonkey-1.1.5-2.fc8 (2007-2795)
2007-11-07 00:00:00
Debian DSA-1396-1 : iceweasel - several vulnerabilities
2007-10-30 00:00:00
oraclelinux
oraclelinux
Critical: seamonkey security update
2007-10-20 00:00:00
Critical: firefox security update
2007-10-20 00:00:00
Moderate: thunderbird security update
2007-10-20 00:00:00
centos
centos
thunderbird security update
2007-10-20 18:06:21
seamonkey security update
2007-10-19 22:39:36
seamonkey security update
2007-10-22 02:25:42
debian
debian
[SECURITY] [DSA 1396-1] New iceweasel packages fix several vulnerabilities
2007-10-27 11:54:56
[SECURITY] [DSA 1392-1] New xulrunner packages fix several vulnerabilities
2007-10-20 11:56:10
[SECURITY] [DSA 1401-1] New iceape packages fix several vulnerabilities
2007-11-05 23:44:32
fedora
fedora
[SECURITY] Fedora 8 Update: thunderbird-2.0.0.9-1.fc8
2007-11-16 00:39:02
[SECURITY] Fedora 7 Update: seamonkey-1.1.5-1.fc7
2007-10-24 07:02:38
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.9-1.fc7
2007-11-16 00:41:37
ubuntu
ubuntu
Thunderbird vulnerabilities
2007-10-23 00:00:00
Firefox vulnerabilities
2007-10-22 00:00:00
osv
osv
xulrunner - several vulnerabilities
2007-10-20 00:00:00
iceape - several vulnerabilities
2007-11-05 00:00:00
iceweasel
2007-10-27 00:00:00
redhat
redhat
(RHSA-2007:0980) Critical: seamonkey security update
2007-10-19 00:00:00
(RHSA-2007:0981) Moderate: thunderbird security update
2007-10-19 00:00:00
(RHSA-2007:0979) Critical: firefox security update
2007-10-19 00:00:00
suse
suse
remote code execution in MozillaFirefox,mozilla,seamonkey
2007-10-25 18:13:14
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.055
Percentile
93.4%
Related for MFSA2007-34