
CVE-2007-5960

Date: (C)2007-11-26   (M)2017-10-04
 
CVSS Score: 4.3
Exploitability Subscore: 8.6
Impact Subscore: 2.9
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

Reference:
SUNALERT-1018977
SECTRACK-1018995
http://www.securityfocus.com/archive/1/archive/1/488002/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/488971/100/0/threaded
SUNALERT-231441
BID-26589
SECUNIA-27725
SECUNIA-27793
SECUNIA-27796
SECUNIA-27797
SECUNIA-27800
SECUNIA-27816
SECUNIA-27838
SECUNIA-27845
SECUNIA-27855
SECUNIA-27944
SECUNIA-27955
SECUNIA-27957
SECUNIA-27979
SECUNIA-28001
SECUNIA-28016
SECUNIA-28171
SECUNIA-28277
SECUNIA-28398
SECUNIA-29164
ADV-2007-4002
ADV-2007-4018
ADV-2008-0083
ADV-2008-0643
DSA-1424
DSA-1425
FEDORA-2007-3952
FEDORA-2007-4098
FEDORA-2007-4106
FEDORA-2007-756
GLSA-200712-21
HPSBUX02153
MDKSA-2007:246
RHSA-2007:1082
RHSA-2007:1083
RHSA-2007:1084
SSA:2007-331-01
SSA:2007-333-01
SSRT061181
SUSE-SA:2007:066
USN-546-1
USN-546-2
http://browser.netscape.com/releasenotes/
http://bugs.gentoo.org/show_bug.cgi?id=198965
http://bugs.gentoo.org/show_bug.cgi?id=200909
http://wiki.rpath.com/Advisories:rPSA-2008-0093
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
http://www.mozilla.org/security/announce/2007/mfsa2007-39.html
https://issues.rpath.com/browse/RPL-1984
https://issues.rpath.com/browse/RPL-1995
mozilla-http-referer-spoofing(38644)

CPE    49
cpe:/a:mozilla:seamonkey:1.1.7
cpe:/a:mozilla:firefox:1.5.0.4
cpe:/a:mozilla:firefox:1.5.0.3
cpe:/a:mozilla:firefox:1.5.0.2
...
CWE    1
CWE-22

© 2013 SecPod Technologies