CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score
Confidence: Low

EPSS
Percentile: 96.3%

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allow remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser’s content pane. NOTE: this issue can be leveraged for phishing and other attacks.

Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | 1.5 | cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:* |
mozilla | firefox | 1.5.0.1 | cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* |
mozilla | firefox | 1.5.0.2 | cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* |
mozilla | firefox | 1.5.0.3 | cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* |
mozilla | firefox | 1.5.0.4 | cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:* |
mozilla | firefox | 1.5.0.5 | cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:* |
mozilla | firefox | 1.5.0.6 | cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:* |
mozilla | firefox | 1.5.0.7 | cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:* |
mozilla | firefox | 1.5.0.8 | cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:* |
mozilla | firefox | 1.5.0.9 | cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:* |
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
osvdb.org/35137
secunia.com/advisories/25469
secunia.com/advisories/25476
secunia.com/advisories/25488
secunia.com/advisories/25490
secunia.com/advisories/25491
secunia.com/advisories/25533
secunia.com/advisories/25534
secunia.com/advisories/25559
secunia.com/advisories/25635
secunia.com/advisories/25647
secunia.com/advisories/25685
secunia.com/advisories/25750
secunia.com/advisories/25858
security.gentoo.org/glsa/glsa-200706-06.xml
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
www.debian.org/security/2007/dsa-1300
www.debian.org/security/2007/dsa-1306
www.debian.org/security/2007/dsa-1308
www.mandriva.com/security/advisories?name=MDKSA-2007:120
www.mandriva.com/security/advisories?name=MDKSA-2007:126
www.mozilla.org/security/announce/2007/mfsa2007-17.html
www.novell.com/linux/security/advisories/2007_36_mozilla.html
www.redhat.com/support/errata/RHSA-2007-0400.html
www.redhat.com/support/errata/RHSA-2007-0401.html
www.redhat.com/support/errata/RHSA-2007-0402.html
www.securityfocus.com/archive/1/470172/100/200/threaded
www.securityfocus.com/bid/24242
www.securitytracker.com/id?1018155
www.securitytracker.com/id?1018156
www.ubuntu.com/usn/usn-468-1
www.us-cert.gov/cas/techalerts/TA07-151A.html
www.vupen.com/english/advisories/2007/1994
exchange.xforce.ibmcloud.com/vulnerabilities/34606
issues.rpath.com/browse/RPL-1424
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433