CVE-2007-0981

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2007-0981
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lcamtuf.dione.cc/ffhostname.html Exploit
https://bugzilla.mozilla.org/show_bug.cgi?id=370445 Vendor Advisory
http://www.kb.cert.org/vuls/id/885753 US Government Resource
http://www.securityfocus.com/bid/22566
http://securitytracker.com/id?1017654
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.redhat.com/support/errata/RHSA-2007-0079.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2007-0077.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0078.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0097.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0108.html Vendor Advisory
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://www.ubuntu.com/usn/usn-428-1
http://www.osvdb.org/32104
http://secunia.com/advisories/24175 Vendor Advisory
http://secunia.com/advisories/24238 Vendor Advisory
http://secunia.com/advisories/24287 Vendor Advisory
http://secunia.com/advisories/24290 Vendor Advisory
http://secunia.com/advisories/24205 Vendor Advisory
http://secunia.com/advisories/24328 Vendor Advisory
http://secunia.com/advisories/24333 Vendor Advisory
http://secunia.com/advisories/24343 Vendor Advisory
http://secunia.com/advisories/24320 Vendor Advisory
http://secunia.com/advisories/24293 Vendor Advisory
http://secunia.com/advisories/24393 Vendor Advisory
http://secunia.com/advisories/24395 Vendor Advisory
http://secunia.com/advisories/24384 Vendor Advisory
http://secunia.com/advisories/24437 Vendor Advisory
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://secunia.com/advisories/24650 Vendor Advisory
http://www.debian.org/security/2007/dsa-1336
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://secunia.com/advisories/24455 Vendor Advisory
http://secunia.com/advisories/24457 Vendor Advisory
http://secunia.com/advisories/24342 Vendor Advisory
http://secunia.com/advisories/25588
http://securityreason.com/securityalert/2262
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://www.securityfocus.com/archive/1/460217/100/0/threaded
http://www.vupen.com/english/advisories/2007/0718
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2007/0624
https://exchange.xforce.ibmcloud.com/vulnerabilities/32533
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/460126/100/200/threaded
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:preview_release:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
Information

Published : 2007-02-15 17:28

Updated : 2018-10-16 09:35

NVD link : CVE-2007-0981

Mitre link : CVE-2007-0981

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

mozilla

  • firefox
  • seamonkey