CVE-2007-3656
Vulnerability Summary
Timeline
Description
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.
CVSS Metrics
- v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 6.60%• Percentile: 91%
Techniques & Countermeasures
- CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Affected Systems
- mozilla•firefox
1.0 | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.6 | 1.0.7 | 1.0.8 | 1.5 | 1.5.0.1 | 1.5.0.2 | 1.5.0.3 | 1.5.0.4 | 1.5.0.5 | 1.5.0.6 | 1.5.0.7 | 1.5.0.8 | 1.5.0.9 | 1.5.0.10 | 1.5.0.11 | 1.5.0.12 | 1.5.1 | 1.5.2 | 1.5.3 | 1.5.4 | 1.5.5 | 1.5.6 | 1.5.7 | 1.5.8 | 1.8
References (45)
- http://www.ubuntu.com/usn/usn-490-1
- http://secunia.com/advisories/26107
- http://www.mozilla.org/security/announce/2007/mfsa2007-24.html
- http://lcamtuf.coredump.cx/ffcache/
- http://osvdb.org/38028
- http://secunia.com/advisories/26179
- http://www.vupen.com/english/advisories/2007/4256
- http://secunia.com/advisories/25589
- http://securityreason.com/securityalert/2872
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
- http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
- http://www.securitytracker.com/id?1018411
- http://www.debian.org/security/2007/dsa-1339
- http://secunia.com/advisories/25990
- http://secunia.com/advisories/26151
- http://secunia.com/advisories/28135
- http://secunia.com/advisories/26216
- http://secunia.com/advisories/26103
- http://secunia.com/advisories/26072
- http://secunia.com/advisories/26149
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9105
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
- http://www.debian.org/security/2007/dsa-1337
- http://secunia.com/advisories/26211
- http://secunia.com/advisories/26159
- http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
- http://www.debian.org/security/2007/dsa-1338
- ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
- http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
- http://www.securityfocus.com/archive/1/473191/100/0/threaded
- https://bugzilla.mozilla.org/show_bug.cgi?id=387333
- http://www.securityfocus.com/archive/1/474542/100/0/threaded
- http://secunia.com/advisories/26258
- http://secunia.com/advisories/26460
- ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
- http://www.redhat.com/support/errata/RHSA-2007-0724.html
- http://www.securityfocus.com/archive/1/474226/100/0/threaded
- http://www.securityfocus.com/bid/24831
- http://secunia.com/advisories/26271
- http://www.redhat.com/support/errata/RHSA-2007-0722.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35298
- http://secunia.com/advisories/26204
- http://secunia.com/advisories/26205