Detections
Analytics
CVE-2007-0981
medium
Description
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730
https://issues.rpath.com/browse/RPL-1103
https://issues.rpath.com/browse/RPL-1081
https://exchange.xforce.ibmcloud.com/vulnerabilities/32533
https://bugzilla.mozilla.org/show_bug.cgi?id=370445
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2007/0718
http://www.vupen.com/english/advisories/2007/0624
http://www.ubuntu.com/usn/usn-428-1
http://www.securityfocus.com/bid/22566
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/460217/100/0/threaded
http://www.securityfocus.com/archive/1/460126/100/200/threaded
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.kb.cert.org/vuls/id/885753
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.debian.org/security/2007/dsa-1336
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://securitytracker.com/id?1017654
http://securityreason.com/securityalert/2262
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://secunia.com/advisories/25588
http://secunia.com/advisories/24650
http://secunia.com/advisories/24457
http://secunia.com/advisories/24455
http://secunia.com/advisories/24437
http://secunia.com/advisories/24395
http://secunia.com/advisories/24393
http://secunia.com/advisories/24384
http://secunia.com/advisories/24343
http://secunia.com/advisories/24342
http://secunia.com/advisories/24333
http://secunia.com/advisories/24328
http://secunia.com/advisories/24320
http://secunia.com/advisories/24293
http://secunia.com/advisories/24290
http://secunia.com/advisories/24287
http://secunia.com/advisories/24238
http://secunia.com/advisories/24205
http://secunia.com/advisories/24175
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742