[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-5337Date: (C)2007-10-21   (M)2023-12-22


Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1018837
http://www.securityfocus.com/archive/1/482876/100/200/threaded
http://www.securityfocus.com/archive/1/482925/100/0/threaded
http://www.securityfocus.com/archive/1/482932/100/200/threaded
SUNALERT-201516
BID-26132
SECUNIA-27276
SECUNIA-27298
SECUNIA-27325
SECUNIA-27327
SECUNIA-27335
SECUNIA-27336
SECUNIA-27356
SECUNIA-27360
SECUNIA-27383
SECUNIA-27387
SECUNIA-27403
SECUNIA-27414
SECUNIA-27425
SECUNIA-27480
SECUNIA-27665
SECUNIA-27680
SECUNIA-28398
ADV-2007-3544
ADV-2007-3587
ADV-2008-0083
DSA-1392
DSA-1396
DSA-1401
FEDORA-2007-2601
FEDORA-2007-2664
FEDORA-2007-3431
GLSA-200711-14
HPSBUX02153
MDKSA-2007:202
RHSA-2007:0979
RHSA-2007:0980
RHSA-2007:0981
SUSE-SA:2007:057
USN-535-1
USN-536-1
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.mozilla.org/security/announce/2007/mfsa2007-34.html
https://bugzilla.mozilla.org/show_bug.cgi?id=381146
https://issues.rpath.com/browse/RPL-1858
mozilla-sftp-file-access(37287)
oval:org.mitre.oval:def:11443

CPE    3
cpe:/o:linux:linux_kernel
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:firefox
CWE    1
CWE-200

© SecPod Technologies