6.8

CVE-2007-3656

Exploit

EPSS 6.88%
Published 10.07.2007 19:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.

Affected products Warnungen 0 Metrics 2 CWE 1 References 48

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version1.0

Mozilla ≫ Firefox Version1.0.1

Mozilla ≫ Firefox Version1.0.2

Mozilla ≫ Firefox Version1.0.3

Mozilla ≫ Firefox Version1.0.4

Mozilla ≫ Firefox Version1.0.5

Mozilla ≫ Firefox Version1.0.6

Mozilla ≫ Firefox Version1.0.7

Mozilla ≫ Firefox Version1.0.8

Mozilla ≫ Firefox Version1.5

Mozilla ≫ Firefox Version1.5.0.1

Mozilla ≫ Firefox Version1.5.0.2

Mozilla ≫ Firefox Version1.5.0.3

Mozilla ≫ Firefox Version1.5.0.4

Mozilla ≫ Firefox Version1.5.0.5

Mozilla ≫ Firefox Version1.5.0.6

Mozilla ≫ Firefox Version1.5.0.7

Mozilla ≫ Firefox Version1.5.0.8

Mozilla ≫ Firefox Version1.5.0.9

Mozilla ≫ Firefox Version1.5.0.10

Mozilla ≫ Firefox Version1.5.0.11

Mozilla ≫ Firefox Version1.5.0.12

Mozilla ≫ Firefox Version1.5.1

Mozilla ≫ Firefox Version1.5.2

Mozilla ≫ Firefox Version1.5.3

Mozilla ≫ Firefox Version1.5.4

Mozilla ≫ Firefox Version1.5.5

Mozilla ≫ Firefox Version1.5.6

Mozilla ≫ Firefox Version1.5.7

Mozilla ≫ Firefox Version1.5.8

Mozilla ≫ Firefox Version1.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.88%	0.91

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt

ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc

http://secunia.com/advisories/25589

http://secunia.com/advisories/26072

http://secunia.com/advisories/26103

http://secunia.com/advisories/26107

http://secunia.com/advisories/26149

http://secunia.com/advisories/26151

http://secunia.com/advisories/26159

http://secunia.com/advisories/26179

http://secunia.com/advisories/26204

http://secunia.com/advisories/26205

http://secunia.com/advisories/26211

http://secunia.com/advisories/26216

http://secunia.com/advisories/26258

http://secunia.com/advisories/26271

http://secunia.com/advisories/26460

http://secunia.com/advisories/28135

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1

http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html

http://www.debian.org/security/2007/dsa-1337

http://www.debian.org/security/2007/dsa-1338

http://www.debian.org/security/2007/dsa-1339

http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2007:152

http://www.novell.com/linux/security/advisories/2007_49_mozilla.html

http://www.redhat.com/support/errata/RHSA-2007-0722.html

http://www.redhat.com/support/errata/RHSA-2007-0724.html

http://www.securityfocus.com/archive/1/474226/100/0/threaded

http://www.securityfocus.com/archive/1/474542/100/0/threaded

http://www.ubuntu.com/usn/usn-490-1

http://www.vupen.com/english/advisories/2007/4256

http://lcamtuf.coredump.cx/ffcache/

Exploit

http://osvdb.org/38028

http://secunia.com/advisories/25990

http://securityreason.com/securityalert/2872

http://www.mozilla.org/security/announce/2007/mfsa2007-24.html

http://www.securityfocus.com/archive/1/473191/100/0/threaded

http://www.securityfocus.com/bid/24831

http://www.securitytracker.com/id?1018411

https://bugzilla.mozilla.org/show_bug.cgi?id=387333

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/35298

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9105

https://nvd.nist.gov/vuln/detail/CVE-2007-3656

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3656

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3656

EUVD