7.5

CVE-2007-0981

Exploit
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 1.5.0.9
MozillaFirefox Version0.8
MozillaFirefox Version0.9
MozillaFirefox Version0.9 Updaterc
MozillaFirefox Version0.9.1
MozillaFirefox Version0.9.2
MozillaFirefox Version0.9.3
MozillaFirefox Version0.10
MozillaFirefox Version0.10.1
MozillaFirefox Version1.0
MozillaFirefox Version1.0.1
MozillaFirefox Version1.0.2
MozillaFirefox Version1.0.3
MozillaFirefox Version1.0.4
MozillaFirefox Version1.0.5
MozillaFirefox Version1.0.6
MozillaFirefox Version1.0.6 Editionlinux
MozillaFirefox Version1.0.7
MozillaFirefox Version1.0.8
MozillaFirefox Version1.5
MozillaFirefox Version1.5 Updatebeta1
MozillaFirefox Version1.5 Updatebeta2
MozillaFirefox Version1.5.0.1
MozillaFirefox Version1.5.0.2
MozillaFirefox Version1.5.0.3
MozillaFirefox Version1.5.0.4
MozillaFirefox Version1.5.0.5
MozillaFirefox Version1.5.0.6
MozillaFirefox Version1.5.0.7
MozillaFirefox Version1.5.0.8
MozillaFirefox Version1.5.1
MozillaFirefox Version1.5.2
MozillaFirefox Version1.5.3
MozillaFirefox Version1.5.4
MozillaFirefox Version1.5.5
MozillaFirefox Version1.5.6
MozillaFirefox Version1.5.7
MozillaFirefox Version1.5.8
MozillaFirefox Version2.0
MozillaFirefox Version2.0 Updatebeta_1
MozillaFirefox Version2.0 Updaterc3
MozillaFirefox Version2.0.0.1
MozillaFirefox Versionpreview_release
MozillaSeamonkey Version <= 1.0.7
MozillaSeamonkey Version1.0
MozillaSeamonkey Version1.0.1
MozillaSeamonkey Version1.0.2
MozillaSeamonkey Version1.0.3
MozillaSeamonkey Version1.0.4
MozillaSeamonkey Version1.0.5
MozillaSeamonkey Version1.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.14% 0.956
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.vupen.com/english/advisories/2008/0083
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://rhn.redhat.com/errata/RHSA-2007-0077.html
Vendor Advisory
http://secunia.com/advisories/24205
Vendor Advisory
http://secunia.com/advisories/24238
Vendor Advisory
http://secunia.com/advisories/24287
Vendor Advisory
http://secunia.com/advisories/24290
Vendor Advisory
http://secunia.com/advisories/24293
Vendor Advisory
http://secunia.com/advisories/24320
Vendor Advisory
http://secunia.com/advisories/24328
Vendor Advisory
http://secunia.com/advisories/24333
Vendor Advisory
http://secunia.com/advisories/24342
Vendor Advisory
http://secunia.com/advisories/24343
Vendor Advisory
http://secunia.com/advisories/24384
Vendor Advisory
http://secunia.com/advisories/24393
Vendor Advisory
http://secunia.com/advisories/24395
Vendor Advisory
http://secunia.com/advisories/24437
Vendor Advisory
http://secunia.com/advisories/24457
Vendor Advisory
http://secunia.com/advisories/24650
Vendor Advisory
http://secunia.com/advisories/25588
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://www.debian.org/security/2007/dsa-1336
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0079.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0097.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0108.html
Vendor Advisory
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.ubuntu.com/usn/usn-428-1
http://www.vupen.com/english/advisories/2007/0718
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
http://lcamtuf.dione.cc/ffhostname.html
Exploit
http://secunia.com/advisories/24175
Vendor Advisory
http://secunia.com/advisories/24455
Vendor Advisory
http://securityreason.com/securityalert/2262
http://securitytracker.com/id?1017654
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://www.kb.cert.org/vuls/id/885753
US Government Resource
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
http://www.osvdb.org/32104
http://www.securityfocus.com/archive/1/460126/100/200/threaded
http://www.securityfocus.com/archive/1/460217/100/0/threaded
http://www.securityfocus.com/bid/22566
http://www.vupen.com/english/advisories/2007/0624
https://bugzilla.mozilla.org/show_bug.cgi?id=370445
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32533
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730