CVE-2007-2871

medium

Description

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433

https://issues.rpath.com/browse/RPL-1424

https://exchange.xforce.ibmcloud.com/vulnerabilities/34606

http://www.vupen.com/english/advisories/2007/1994

http://www.us-cert.gov/cas/techalerts/TA07-151A.html

http://www.ubuntu.com/usn/usn-468-1

http://www.securitytracker.com/id?1018156

http://www.securitytracker.com/id?1018155

http://www.securityfocus.com/bid/24242

http://www.securityfocus.com/archive/1/470172/100/200/threaded

http://www.redhat.com/support/errata/RHSA-2007-0402.html

http://www.redhat.com/support/errata/RHSA-2007-0401.html

http://www.redhat.com/support/errata/RHSA-2007-0400.html

http://www.novell.com/linux/security/advisories/2007_36_mozilla.html

http://www.mozilla.org/security/announce/2007/mfsa2007-17.html

http://www.mandriva.com/security/advisories?name=MDKSA-2007:126

http://www.mandriva.com/security/advisories?name=MDKSA-2007:120

http://www.debian.org/security/2007/dsa-1308

http://www.debian.org/security/2007/dsa-1306

http://www.debian.org/security/2007/dsa-1300

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857

http://security.gentoo.org/glsa/glsa-200706-06.xml

http://secunia.com/advisories/25858

http://secunia.com/advisories/25750

http://secunia.com/advisories/25685

http://secunia.com/advisories/25647

http://secunia.com/advisories/25635

http://secunia.com/advisories/25559

http://secunia.com/advisories/25534

http://secunia.com/advisories/25533

http://secunia.com/advisories/25491

http://secunia.com/advisories/25490

http://secunia.com/advisories/25488

http://secunia.com/advisories/25476

http://secunia.com/advisories/25469

http://osvdb.org/35137

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Details

Source: Mitre, NVD

Published: 2007-06-01

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: Medium