CVE-2007-0981

medium

Description

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730

https://issues.rpath.com/browse/RPL-1103

https://issues.rpath.com/browse/RPL-1081

https://exchange.xforce.ibmcloud.com/vulnerabilities/32533

https://bugzilla.mozilla.org/show_bug.cgi?id=370445

http://www.vupen.com/english/advisories/2008/0083

http://www.vupen.com/english/advisories/2007/0718

http://www.vupen.com/english/advisories/2007/0624

http://www.ubuntu.com/usn/usn-428-1

http://www.securityfocus.com/bid/22566

http://www.securityfocus.com/archive/1/461809/100/0/threaded

http://www.securityfocus.com/archive/1/461336/100/0/threaded

http://www.securityfocus.com/archive/1/460217/100/0/threaded

http://www.securityfocus.com/archive/1/460126/100/200/threaded

http://www.redhat.com/support/errata/RHSA-2007-0108.html

http://www.redhat.com/support/errata/RHSA-2007-0097.html

http://www.redhat.com/support/errata/RHSA-2007-0079.html

http://www.redhat.com/support/errata/RHSA-2007-0078.html

http://www.osvdb.org/32104

http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

http://www.mozilla.org/security/announce/2007/mfsa2007-07.html

http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

http://www.kb.cert.org/vuls/id/885753

http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

http://www.debian.org/security/2007/dsa-1336

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

http://securitytracker.com/id?1017654

http://securityreason.com/securityalert/2262

http://security.gentoo.org/glsa/glsa-200703-04.xml

http://secunia.com/advisories/25588

http://secunia.com/advisories/24650

http://secunia.com/advisories/24457

http://secunia.com/advisories/24455

http://secunia.com/advisories/24437

http://secunia.com/advisories/24395

http://secunia.com/advisories/24393

http://secunia.com/advisories/24384

http://secunia.com/advisories/24343

http://secunia.com/advisories/24342

http://secunia.com/advisories/24333

http://secunia.com/advisories/24328

http://secunia.com/advisories/24320

http://secunia.com/advisories/24293

http://secunia.com/advisories/24290

http://secunia.com/advisories/24287

http://secunia.com/advisories/24238

http://secunia.com/advisories/24205

http://secunia.com/advisories/24175

http://rhn.redhat.com/errata/RHSA-2007-0077.html

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://fedoranews.org/cms/node/2728

http://fedoranews.org/cms/node/2713

Details

Source: Mitre, NVD

Published: 2007-02-16

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium