Lucene search

[email protected]NVD:CVE-2007-3656

HistoryJul 10, 2007 - 7:30 p.m.

CVE-2007-3656

2007-07-1019:30:00

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.921

Percentile

99.0%

JSON

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.

Affected configurations

Nvd

Node

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillafirefoxMatch1.0.5

mozillafirefoxMatch1.0.6

mozillafirefoxMatch1.0.7

mozillafirefoxMatch1.0.8

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5.0.1

mozillafirefoxMatch1.5.0.2

mozillafirefoxMatch1.5.0.3

mozillafirefoxMatch1.5.0.4

mozillafirefoxMatch1.5.0.5

mozillafirefoxMatch1.5.0.6

mozillafirefoxMatch1.5.0.7

mozillafirefoxMatch1.5.0.8

mozillafirefoxMatch1.5.0.9

mozillafirefoxMatch1.5.0.10

mozillafirefoxMatch1.5.0.11

mozillafirefoxMatch1.5.0.12

mozillafirefoxMatch1.5.1

mozillafirefoxMatch1.5.2

mozillafirefoxMatch1.5.3

mozillafirefoxMatch1.5.4

mozillafirefoxMatch1.5.5

mozillafirefoxMatch1.5.6

mozillafirefoxMatch1.5.7

mozillafirefoxMatch1.5.8

mozillafirefoxMatch1.8

References

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt

ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

lcamtuf.coredump.cx/ffcache/

osvdb.org/38028

secunia.com/advisories/25589

secunia.com/advisories/25990

secunia.com/advisories/26072

secunia.com/advisories/26103

secunia.com/advisories/26107

secunia.com/advisories/26149

secunia.com/advisories/26151

secunia.com/advisories/26159

secunia.com/advisories/26179

secunia.com/advisories/26204

secunia.com/advisories/26205

secunia.com/advisories/26211

secunia.com/advisories/26216

secunia.com/advisories/26258

secunia.com/advisories/26271

secunia.com/advisories/26460

secunia.com/advisories/28135

securityreason.com/securityalert/2872

sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1

sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html

www.debian.org/security/2007/dsa-1337

www.debian.org/security/2007/dsa-1338

www.debian.org/security/2007/dsa-1339

www.gentoo.org/security/en/glsa/glsa-200708-09.xml

www.mandriva.com/security/advisories?name=MDKSA-2007:152

www.mozilla.org/security/announce/2007/mfsa2007-24.html

www.novell.com/linux/security/advisories/2007_49_mozilla.html

www.redhat.com/support/errata/RHSA-2007-0722.html

www.redhat.com/support/errata/RHSA-2007-0724.html

www.securityfocus.com/archive/1/473191/100/0/threaded

www.securityfocus.com/archive/1/474226/100/0/threaded

www.securityfocus.com/archive/1/474542/100/0/threaded

www.securityfocus.com/bid/24831

www.securitytracker.com/id?1018411

www.ubuntu.com/usn/usn-490-1

www.vupen.com/english/advisories/2007/4256

bugzilla.mozilla.org/show_bug.cgi?id=387333

exchange.xforce.ibmcloud.com/vulnerabilities/35298

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9105

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.921

Percentile

99.0%

JSON

Related for NVD:CVE-2007-3656

cvelist1 securityvulns3 prion1 ubuntucve1 mozilla1 checkpoint_advisories1 veracode1 cve1 nessus29 openvas33 fedora8 centos3 osv3 redhat2 oraclelinux2 debian3 gentoo1 ubuntu1 suse2