CVE-2007-5334
Advisory lineage Upstream: 0 Downstream: 8
Modified
Published: 21 Oct 2007, 20:00
Last modified:07 Aug 2024, 15:24
Vulnerability Summary
Overall Risk (default)
low
20/100 CVSS Score
4.3 MEDIUM
v2.0 (nvd)
EPSS Score
11.64% MEDIUM
12% probability -3.28%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
21 Oct 2007, 20:00
Published
Vulnerability first disclosed
07 Aug 2024, 15:24
Last Modified
Vulnerability information updated
Description
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute.
CVSS Metrics
- v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS Trends
Current EPSS score: 11.64%• Percentile: 94%
Techniques & Countermeasures
- CWE-16•Configuration
Weaknesses in this category are typically introduced during the configuration of the software.
Affected Systems
- mozilla•firefox
≤ 2.0.0.7
- mozilla•seamonkey
≤ 1.1.4
References (50)
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
- http://www.securityfocus.com/archive/1/482876/100/200/threaded
- http://www.vupen.com/english/advisories/2007/3587
- http://secunia.com/advisories/27414
- http://www.securityfocus.com/archive/1/482925/100/0/threaded
- https://issues.rpath.com/browse/RPL-1858
- http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
- http://secunia.com/advisories/27360
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://secunia.com/advisories/27298
- http://secunia.com/advisories/27315
- http://securitytracker.com/id?1018837
- http://secunia.com/advisories/27327
- http://www.vupen.com/english/advisories/2007/3544
- http://secunia.com/advisories/27276
- https://usn.ubuntu.com/535-1/
- http://www.debian.org/security/2007/dsa-1401
- http://www.debian.org/security/2007/dsa-1392
- http://www.kb.cert.org/vuls/id/349217
- http://www.redhat.com/support/errata/RHSA-2007-0980.html
- http://secunia.com/advisories/27383
- http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
- http://secunia.com/advisories/27356
- http://www.redhat.com/support/errata/RHSA-2007-0981.html
- http://www.vupen.com/english/advisories/2008/0083
- http://secunia.com/advisories/27387
- https://bugzilla.mozilla.org/show_bug.cgi?id=391043
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
- http://secunia.com/advisories/27403
- http://secunia.com/advisories/27336
- http://www.mozilla.org/security/announce/2007/mfsa2007-33.html
- http://www.debian.org/security/2007/dsa-1396
- http://secunia.com/advisories/27425
- http://secunia.com/advisories/28398
- http://secunia.com/advisories/27311
- http://secunia.com/advisories/27325
- http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37286
- http://secunia.com/advisories/27665
- http://www.redhat.com/support/errata/RHSA-2007-0979.html
- http://secunia.com/advisories/27335
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
- http://secunia.com/advisories/27480
- http://secunia.com/advisories/27680
- http://www.securityfocus.com/bid/26132
- http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
- http://www.securityfocus.com/archive/1/482932/100/200/threaded
- http://www.ubuntu.com/usn/usn-536-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11482