SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2007-3656

Date: (C)2007-07-10 (M)2023-12-22

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1018411

SUNALERT-103177

http://www.securityfocus.com/archive/1/473191/100/0/threaded

http://www.securityfocus.com/archive/1/474226/100/0/threaded

http://www.securityfocus.com/archive/1/474542/100/0/threaded

SUNALERT-201516

SUSE-SA:2007:049

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt

http://lcamtuf.coredump.cx/ffcache/

http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html

http://www.mozilla.org/security/announce/2007/mfsa2007-24.html

https://bugzilla.mozilla.org/show_bug.cgi?id=387333

mozilla-wyciwyg-security-bypass(35298)

oval:org.mitre.oval:def:9105

cpe:/a:mozilla:firefox:1.5.0.10
cpe:/a:mozilla:firefox:1.5.0.11
cpe:/a:mozilla:firefox:1.5.0.12
cpe:/a:mozilla:firefox:1.5.0.4
...

© SecPod Technologies