5

CVE-2007-4879

EPSS 1.43%
Veröffentlicht 13.09.2007 18:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 31

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 2.0.0.12

Mozilla ≫ Firefox Version0.1

Mozilla ≫ Firefox Version0.2

Mozilla ≫ Firefox Version0.3

Mozilla ≫ Firefox Version0.4

Mozilla ≫ Firefox Version0.5

Mozilla ≫ Firefox Version0.6

Mozilla ≫ Firefox Version0.6.1

Mozilla ≫ Firefox Version0.7

Mozilla ≫ Firefox Version0.7.1

Mozilla ≫ Firefox Version0.8

Mozilla ≫ Firefox Version0.9

Mozilla ≫ Firefox Version0.9 Updaterc

Mozilla ≫ Firefox Version0.9.1

Mozilla ≫ Firefox Version0.9.2

Mozilla ≫ Firefox Version0.9.3

Mozilla ≫ Firefox Version0.10

Mozilla ≫ Firefox Version0.10.1

Mozilla ≫ Firefox Version1.0

Mozilla ≫ Firefox Version1.0 Updatepreview_release

Mozilla ≫ Firefox Version1.0.1

Mozilla ≫ Firefox Version1.0.2

Mozilla ≫ Firefox Version1.0.3

Mozilla ≫ Firefox Version1.0.4

Mozilla ≫ Firefox Version1.0.5

Mozilla ≫ Firefox Version1.0.6

Mozilla ≫ Firefox Version1.0.7

Mozilla ≫ Firefox Version1.0.8

Mozilla ≫ Firefox Version1.4.1

Mozilla ≫ Firefox Version1.5

Mozilla ≫ Firefox Version1.5 Updatebeta1

Mozilla ≫ Firefox Version1.5 Updatebeta2

Mozilla ≫ Firefox Version1.5.0.1

Mozilla ≫ Firefox Version1.5.0.2

Mozilla ≫ Firefox Version1.5.0.3

Mozilla ≫ Firefox Version1.5.0.4

Mozilla ≫ Firefox Version1.5.0.5

Mozilla ≫ Firefox Version1.5.0.6

Mozilla ≫ Firefox Version1.5.0.7

Mozilla ≫ Firefox Version1.5.0.8

Mozilla ≫ Firefox Version1.5.0.9

Mozilla ≫ Firefox Version1.5.0.10

Mozilla ≫ Firefox Version1.5.0.11

Mozilla ≫ Firefox Version1.5.0.12

Mozilla ≫ Firefox Version1.5.1

Mozilla ≫ Firefox Version1.5.2

Mozilla ≫ Firefox Version1.5.3

Mozilla ≫ Firefox Version1.5.4

Mozilla ≫ Firefox Version1.5.5

Mozilla ≫ Firefox Version1.5.6

Mozilla ≫ Firefox Version1.5.7

Mozilla ≫ Firefox Version1.5.8

Mozilla ≫ Firefox Version1.8

Mozilla ≫ Firefox Version2.0

Mozilla ≫ Firefox Version2.0.0.1

Mozilla ≫ Firefox Version2.0.0.2

Mozilla ≫ Firefox Version2.0.0.3

Mozilla ≫ Firefox Version2.0.0.4

Mozilla ≫ Firefox Version2.0.0.5

Mozilla ≫ Firefox Version2.0.0.6

Mozilla ≫ Firefox Version2.0.0.7

Mozilla ≫ Firefox Version2.0.0.8

Mozilla ≫ Firefox Version2.0.0.9

Mozilla ≫ Firefox Version2.0.0.10

Mozilla ≫ Firefox Version2.0.0.11

Mozilla ≫ Seamonkey Version <= 1.1.8

Mozilla ≫ Seamonkey Version1.0

Mozilla ≫ Seamonkey Version1.0 Updatealpha

Mozilla ≫ Seamonkey Version1.0 Updatebeta

Mozilla ≫ Seamonkey Version1.0.1

Mozilla ≫ Seamonkey Version1.0.2

Mozilla ≫ Seamonkey Version1.0.3

Mozilla ≫ Seamonkey Version1.0.4

Mozilla ≫ Seamonkey Version1.0.5

Mozilla ≫ Seamonkey Version1.0.6

Mozilla ≫ Seamonkey Version1.0.7

Mozilla ≫ Seamonkey Version1.0.8

Mozilla ≫ Seamonkey Version1.0.9

Mozilla ≫ Seamonkey Version1.1

Mozilla ≫ Seamonkey Version1.1 Updatealpha

Mozilla ≫ Seamonkey Version1.1 Updatebeta

Mozilla ≫ Seamonkey Version1.1.1

Mozilla ≫ Seamonkey Version1.1.2

Mozilla ≫ Seamonkey Version1.1.3

Mozilla ≫ Seamonkey Version1.1.4

Mozilla ≫ Seamonkey Version1.1.5

Mozilla ≫ Seamonkey Version1.1.6

Mozilla ≫ Seamonkey Version1.1.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.43%	0.788

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://0x90.eu/ff_tls_poc.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

http://secunia.com/advisories/29526

Vendor Advisory

http://secunia.com/advisories/29539

Vendor Advisory

http://secunia.com/advisories/29541

Vendor Advisory

http://secunia.com/advisories/29547

Vendor Advisory

http://secunia.com/advisories/29558

Vendor Advisory

http://secunia.com/advisories/29560

Vendor Advisory

http://secunia.com/advisories/29616

Vendor Advisory

http://secunia.com/advisories/29645

Vendor Advisory

http://secunia.com/advisories/30327

Vendor Advisory

http://secunia.com/advisories/30620

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

http://www.debian.org/security/2008/dsa-1532

http://www.debian.org/security/2008/dsa-1534

http://www.debian.org/security/2008/dsa-1535

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:080

http://www.mozilla.org/security/announce/2008/mfsa2008-17.html

http://www.securityfocus.com/archive/1/490196/100/0/threaded

http://www.securityfocus.com/bid/28448

http://www.securitytracker.com/id?1019704

http://www.ubuntu.com/usn/usn-592-1

http://www.us-cert.gov/cas/techalerts/TA08-087A.html

US Government Resource

http://www.vupen.com/english/advisories/2008/0998/references

Vendor Advisory

http://www.vupen.com/english/advisories/2008/1793/references

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=395399

https://nvd.nist.gov/vuln/detail/CVE-2007-4879

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4879

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4879

EUVD