4.3

CVE-2007-2871

EPSS 16.41%
Published 01.06.2007 00:30:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane.  NOTE: this issue can be leveraged for phishing and other attacks.

Affected products Warnungen 0 Metrics 2 CWE 0 References 40

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version1.5

Mozilla ≫ Firefox Version1.5.0.1

Mozilla ≫ Firefox Version1.5.0.2

Mozilla ≫ Firefox Version1.5.0.3

Mozilla ≫ Firefox Version1.5.0.4

Mozilla ≫ Firefox Version1.5.0.5

Mozilla ≫ Firefox Version1.5.0.6

Mozilla ≫ Firefox Version1.5.0.7

Mozilla ≫ Firefox Version1.5.0.8

Mozilla ≫ Firefox Version1.5.0.9

Mozilla ≫ Firefox Version1.5.0.10

Mozilla ≫ Firefox Version1.5.0.11

Mozilla ≫ Firefox Version2.0

Mozilla ≫ Firefox Version2.0.0.1

Mozilla ≫ Firefox Version2.0.0.2

Mozilla ≫ Firefox Version2.0.0.3

Mozilla ≫ Seamonkey Version1.0.9

Mozilla ≫ Seamonkey Version1.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	16.41%	0.946

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://secunia.com/advisories/25476

http://secunia.com/advisories/25490

http://secunia.com/advisories/25858

http://www.novell.com/linux/security/advisories/2007_36_mozilla.html

http://www.redhat.com/support/errata/RHSA-2007-0400.html

http://www.redhat.com/support/errata/RHSA-2007-0402.html

http://www.securityfocus.com/archive/1/470172/100/200/threaded

https://issues.rpath.com/browse/RPL-1424

http://secunia.com/advisories/25534

http://secunia.com/advisories/25559

http://secunia.com/advisories/25750

http://security.gentoo.org/glsa/glsa-200706-06.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857

http://www.debian.org/security/2007/dsa-1300

http://www.redhat.com/support/errata/RHSA-2007-0401.html

http://www.us-cert.gov/cas/techalerts/TA07-151A.html

US Government Resource

http://www.vupen.com/english/advisories/2007/1994

http://secunia.com/advisories/25533

http://secunia.com/advisories/25635

http://secunia.com/advisories/25647

http://secunia.com/advisories/25685

http://www.debian.org/security/2007/dsa-1306

http://www.debian.org/security/2007/dsa-1308

http://www.mandriva.com/security/advisories?name=MDKSA-2007:120

http://www.mandriva.com/security/advisories?name=MDKSA-2007:126

http://www.securityfocus.com/bid/24242

http://www.ubuntu.com/usn/usn-468-1

http://secunia.com/advisories/25469

http://secunia.com/advisories/25488

http://secunia.com/advisories/25491

http://osvdb.org/35137

http://www.mozilla.org/security/announce/2007/mfsa2007-17.html

Vendor Advisory

http://www.securitytracker.com/id?1018155

http://www.securitytracker.com/id?1018156

https://exchange.xforce.ibmcloud.com/vulnerabilities/34606

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433

https://nvd.nist.gov/vuln/detail/CVE-2007-2871

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2871

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2871

EUVD