CVE-2007-0778
Advisory lineage Upstream: 0 Downstream: 6
Deferred
Published: 26 Feb 2007, 20:00
Last modified:07 Aug 2024, 12:34
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.4 MEDIUM
v2.0 (nvd)
EPSS Score
1.12% LOW
1% probability +0.04%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
26 Feb 2007, 20:00
Published
Vulnerability first disclosed
07 Aug 2024, 12:34
Last Modified
Vulnerability information updated
Description
The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.
CVSS Metrics
- v2.0•MEDIUM•Score: 5.4AV:N/AC:H/Au:N/C:C/I:N/A:N
EPSS Trends
Current EPSS score: 1.12%• Percentile: 78%
Techniques & Countermeasures
- CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Affected Systems
- canonical•ubuntu_linux
5.10 | 6.06 | 6.10
- debian•debian_linux
3.1
- Unknown•Firefox
≥ 1.5, < 1.5.0.10 | ≥ 2.0, < 2.0.0.2
- mozilla•seamonkey
< 1.0.8
References (50)
- http://www.redhat.com/support/errata/RHSA-2007-0078.html
- http://secunia.com/advisories/24395
- http://www.securityfocus.com/archive/1/461336/100/0/threaded
- http://secunia.com/advisories/24328
- http://www.redhat.com/support/errata/RHSA-2007-0108.html
- http://security.gentoo.org/glsa/glsa-200703-04.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32671
- http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
- http://secunia.com/advisories/24384
- http://secunia.com/advisories/24457
- http://secunia.com/advisories/24343
- http://www.debian.org/security/2007/dsa-1336
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://securitytracker.com/id?1017699
- http://www.vupen.com/english/advisories/2007/0718
- http://secunia.com/advisories/24650
- https://bugzilla.mozilla.org/show_bug.cgi?id=347852
- http://www.ubuntu.com/usn/usn-428-1
- http://www.osvdb.org/32110
- http://secunia.com/advisories/24320
- http://secunia.com/advisories/25588
- https://issues.rpath.com/browse/RPL-1103
- http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
- http://www.vupen.com/english/advisories/2008/0083
- http://www.securityfocus.com/archive/1/461809/100/0/threaded
- http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
- http://secunia.com/advisories/24293
- http://secunia.com/advisories/24238
- http://secunia.com/advisories/24393
- http://secunia.com/advisories/24342
- http://secunia.com/advisories/24287
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9151
- http://www.securityfocus.com/bid/22694
- http://fedoranews.org/cms/node/2713
- http://www.redhat.com/support/errata/RHSA-2007-0097.html
- http://fedoranews.org/cms/node/2728
- ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
- http://secunia.com/advisories/24205
- https://issues.rpath.com/browse/RPL-1081
- http://secunia.com/advisories/24333
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
- http://secunia.com/advisories/24290
- http://secunia.com/advisories/24455
- http://rhn.redhat.com/errata/RHSA-2007-0077.html
- ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
- http://www.redhat.com/support/errata/RHSA-2007-0079.html
- http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
- http://secunia.com/advisories/24437