CVE-2007-3656

high

Description

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9105

https://exchange.xforce.ibmcloud.com/vulnerabilities/35298

http://www.vupen.com/english/advisories/2007/4256

http://www.ubuntu.com/usn/usn-490-1

http://www.securitytracker.com/id?1018411

http://www.securityfocus.com/bid/24831

http://www.securityfocus.com/archive/1/474542/100/0/threaded

http://www.securityfocus.com/archive/1/474226/100/0/threaded

http://www.securityfocus.com/archive/1/473191/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2007-0724.html

http://www.redhat.com/support/errata/RHSA-2007-0722.html

http://www.novell.com/linux/security/advisories/2007_49_mozilla.html

http://www.mozilla.org/security/announce/2007/mfsa2007-24.html

http://www.mandriva.com/security/advisories?name=MDKSA-2007:152

http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml

http://www.debian.org/security/2007/dsa-1339

http://www.debian.org/security/2007/dsa-1338

http://www.debian.org/security/2007/dsa-1337

http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1

http://securityreason.com/securityalert/2872

http://secunia.com/advisories/28135

http://secunia.com/advisories/26460

http://secunia.com/advisories/26271

http://secunia.com/advisories/26258

http://secunia.com/advisories/26216

http://secunia.com/advisories/26211

http://secunia.com/advisories/26205

http://secunia.com/advisories/26204

http://secunia.com/advisories/26179

http://secunia.com/advisories/26159

http://secunia.com/advisories/26151

http://secunia.com/advisories/26149

http://secunia.com/advisories/26107

http://secunia.com/advisories/26103

http://secunia.com/advisories/26072

http://secunia.com/advisories/25990

http://secunia.com/advisories/25589

http://osvdb.org/38028

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Details

Source: Mitre, NVD

Published: 2007-07-10

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Severity: High