gsd-2007-0981
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2007-0981",
"description": "Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.",
"id": "GSD-2007-0981",
"references": [
"https://www.suse.com/security/cve/CVE-2007-0981.html",
"https://www.debian.org/security/2007/dsa-1336",
"https://access.redhat.com/errata/RHSA-2007:0108",
"https://access.redhat.com/errata/RHSA-2007:0097",
"https://access.redhat.com/errata/RHSA-2007:0079",
"https://access.redhat.com/errata/RHSA-2007:0078",
"https://access.redhat.com/errata/RHSA-2007:0077",
"https://linux.oracle.com/cve/CVE-2007-0981.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2007-0981"
],
"details": "Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.",
"id": "GSD-2007-0981",
"modified": "2023-12-13T01:21:35.818371Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2007:0078",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=370445",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=370445"
},
{
"name": "24395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24395"
},
{
"name": "32104",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32104"
},
{
"name": "20070226 rPSA-2007-0040-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
},
{
"name": "24328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24328"
},
{
"name": "RHSA-2007:0108",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
},
{
"name": "GLSA-200703-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"
},
{
"name": "20070214 Firefox: serious cookie stealing / same-domain bypass vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460126/100/200/threaded"
},
{
"name": "GLSA-200703-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
},
{
"name": "20070215 Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460217/100/0/threaded"
},
{
"name": "SSA:2007-066-03",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.374851"
},
{
"name": "24384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24384"
},
{
"name": "firefox-locationhostname-security-bypass(32533)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32533"
},
{
"name": "24457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24457"
},
{
"name": "24343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24343"
},
{
"name": "DSA-1336",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1336"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "oval:org.mitre.oval:def:9730",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730"
},
{
"name": "ADV-2007-0718",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0718"
},
{
"name": "VU#885753",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/885753"
},
{
"name": "24650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24650"
},
{
"name": "USN-428-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-428-1"
},
{
"name": "2262",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2262"
},
{
"name": "24320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24320"
},
{
"name": "25588",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25588"
},
{
"name": "https://issues.rpath.com/browse/RPL-1103",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1103"
},
{
"name": "SUSE-SA:2007:019",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
},
{
"name": "SUSE-SA:2007:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"name": "24293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24293"
},
{
"name": "24238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24238"
},
{
"name": "24393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24393"
},
{
"name": "24342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24342"
},
{
"name": "24287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24287"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "FEDORA-2007-281",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2713"
},
{
"name": "24175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24175"
},
{
"name": "22566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22566"
},
{
"name": "RHSA-2007:0097",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
},
{
"name": "FEDORA-2007-293",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2728"
},
{
"name": "20070301-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
},
{
"name": "24205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24205"
},
{
"name": "https://issues.rpath.com/browse/RPL-1081",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1081"
},
{
"name": "24333",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24333"
},
{
"name": "MDKSA-2007:050",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
},
{
"name": "24290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24290"
},
{
"name": "1017654",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017654"
},
{
"name": "24455",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24455"
},
{
"name": "http://www.mozilla.org/security/announce/2007/mfsa2007-07.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-07.html"
},
{
"name": "RHSA-2007:0077",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
},
{
"name": "20070202-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
},
{
"name": "ADV-2007-0624",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0624"
},
{
"name": "SSA:2007-066-05",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
},
{
"name": "RHSA-2007:0079",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
},
{
"name": "http://lcamtuf.dione.cc/ffhostname.html",
"refsource": "MISC",
"url": "http://lcamtuf.dione.cc/ffhostname.html"
},
{
"name": "24437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24437"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:preview_release:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.0.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0981"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lcamtuf.dione.cc/ffhostname.html",
"refsource": "MISC",
"tags": [
"Exploit"
],
"url": "http://lcamtuf.dione.cc/ffhostname.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=370445",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=370445"
},
{
"name": "VU#885753",
"refsource": "CERT-VN",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/885753"
},
{
"name": "22566",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/22566"
},
{
"name": "1017654",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1017654"
},
{
"name": "http://www.mozilla.org/security/announce/2007/mfsa2007-07.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-07.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1081",
"refsource": "CONFIRM",
"tags": [],
"url": "https://issues.rpath.com/browse/RPL-1081"
},
{
"name": "https://issues.rpath.com/browse/RPL-1103",
"refsource": "CONFIRM",
"tags": [],
"url": "https://issues.rpath.com/browse/RPL-1103"
},
{
"name": "FEDORA-2007-281",
"refsource": "FEDORA",
"tags": [],
"url": "http://fedoranews.org/cms/node/2713"
},
{
"name": "FEDORA-2007-293",
"refsource": "FEDORA",
"tags": [],
"url": "http://fedoranews.org/cms/node/2728"
},
{
"name": "GLSA-200703-04",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"
},
{
"name": "GLSA-200703-08",
"refsource": "GENTOO",
"tags": [],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
},
{
"name": "RHSA-2007:0079",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
},
{
"name": "RHSA-2007:0077",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
},
{
"name": "RHSA-2007:0078",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
},
{
"name": "RHSA-2007:0097",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
},
{
"name": "RHSA-2007:0108",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
},
{
"name": "SUSE-SA:2007:019",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
},
{
"name": "USN-428-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/usn-428-1"
},
{
"name": "32104",
"refsource": "OSVDB",
"tags": [],
"url": "http://www.osvdb.org/32104"
},
{
"name": "24175",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24175"
},
{
"name": "24238",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24238"
},
{
"name": "24287",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24287"
},
{
"name": "24290",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24290"
},
{
"name": "24205",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24205"
},
{
"name": "24328",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24328"
},
{
"name": "24333",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24333"
},
{
"name": "24343",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24343"
},
{
"name": "24320",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24320"
},
{
"name": "24293",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24293"
},
{
"name": "24393",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24393"
},
{
"name": "24395",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24395"
},
{
"name": "24384",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24384"
},
{
"name": "24437",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24437"
},
{
"name": "20070301-01-P",
"refsource": "SGI",
"tags": [],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
},
{
"name": "24650",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24650"
},
{
"name": "DSA-1336",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2007/dsa-1336"
},
{
"name": "MDKSA-2007:050",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
},
{
"name": "20070202-01-P",
"refsource": "SGI",
"tags": [],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
},
{
"name": "SSA:2007-066-03",
"refsource": "SLACKWARE",
"tags": [],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.374851"
},
{
"name": "SSA:2007-066-05",
"refsource": "SLACKWARE",
"tags": [],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
},
{
"name": "SUSE-SA:2007:022",
"refsource": "SUSE",
"tags": [],
"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"name": "24455",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24455"
},
{
"name": "24457",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24457"
},
{
"name": "24342",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24342"
},
{
"name": "25588",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/25588"
},
{
"name": "2262",
"refsource": "SREASON",
"tags": [],
"url": "http://securityreason.com/securityalert/2262"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"tags": [],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "20070215 Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/460217/100/0/threaded"
},
{
"name": "ADV-2007-0718",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/0718"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "ADV-2007-0624",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/0624"
},
{
"name": "firefox-locationhostname-security-bypass(32533)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32533"
},
{
"name": "oval:org.mitre.oval:def:9730",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730"
},
{
"name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
},
{
"name": "20070226 rPSA-2007-0040-1 firefox",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
},
{
"name": "20070214 Firefox: serious cookie stealing / same-domain bypass vulnerability",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/460126/100/200/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-16T16:35Z",
"publishedDate": "2007-02-16T01:28Z"
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.