[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195549

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-2871Date: (C)2007-05-31   (M)2023-12-22


Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018155
SECTRACK-1018156
http://www.securityfocus.com/archive/1/470172/100/200/threaded
BID-24242
SECUNIA-25469
SECUNIA-25476
SECUNIA-25488
SECUNIA-25490
SECUNIA-25491
SECUNIA-25533
SECUNIA-25534
SECUNIA-25559
SECUNIA-25635
SECUNIA-25647
SECUNIA-25685
SECUNIA-25750
SECUNIA-25858
OSVDB-35137
ADV-2007-1994
DSA-1300
DSA-1306
DSA-1308
GLSA-200706-06
HPSBUX02153
MDKSA-2007:120
MDKSA-2007:126
RHSA-2007:0400
RHSA-2007:0401
RHSA-2007:0402
SSA:2007-152-02
SUSE-SA:2007:036
TA07-151A
USN-468-1
http://www.mozilla.org/security/announce/2007/mfsa2007-17.html
https://issues.rpath.com/browse/RPL-1424
mozilla-xulpopups-spoofing(34606)
oval:org.mitre.oval:def:11433

CPE    18
cpe:/a:mozilla:firefox:1.5.0.10
cpe:/a:mozilla:firefox:1.5.0.11
cpe:/a:mozilla:firefox:1.5.0.4
cpe:/a:mozilla:firefox:1.5.0.3
...

© SecPod Technologies