CVE

CVE-2007-0981
Date: (C)2007-02-15   (M)2023-12-22


Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1017654
20070202-01-P
http://www.securityfocus.com/archive/1/460126/100/200/threaded
http://www.securityfocus.com/archive/1/460217/100/0/threaded
http://www.securityfocus.com/archive/1/461336/100/0/threaded
20070301-01-P
http://www.securityfocus.com/archive/1/461809/100/0/threaded
BID-22566
SREASON-2262
SECUNIA-24175
SECUNIA-24205
SECUNIA-24238
SECUNIA-24287
SECUNIA-24290
SECUNIA-24293
SECUNIA-24320
SECUNIA-24328
SECUNIA-24333
SECUNIA-24342
SECUNIA-24343
SECUNIA-24384
SECUNIA-24393
SECUNIA-24395
SECUNIA-24437
SECUNIA-24455
SECUNIA-24457
SECUNIA-24650
SECUNIA-25588
OSVDB-32104
ADV-2007-0624
ADV-2007-0718
ADV-2008-0083
DSA-1336
FEDORA-2007-281
FEDORA-2007-293
GLSA-200703-04
GLSA-200703-08
HPSBUX02153
MDKSA-2007:050
RHSA-2007:0077
RHSA-2007:0078
RHSA-2007:0079
RHSA-2007:0097
RHSA-2007:0108
SSA:2007-066-03
SSA:2007-066-05
SUSE-SA:2007:019
SUSE-SA:2007:022
USN-428-1
VU#885753
firefox-locationhostname-security-bypass(32533)
http://lcamtuf.dione.cc/ffhostname.html
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
https://bugzilla.mozilla.org/show_bug.cgi?id=370445
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
oval:org.mitre.oval:def:9730

CPE    47
cpe:/a:mozilla:firefox:1.5.0.4
cpe:/a:mozilla:firefox:1.5.0.3
cpe:/a:mozilla:firefox:1.5.0.2
cpe:/a:mozilla:firefox:1.5:beta2
...
CWE    1
CWE-264

© SecPod Technologies