CVE-2007-4879

high

Description

Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically send these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=395399

http://www.vupen.com/english/advisories/2008/1793/references

http://www.vupen.com/english/advisories/2008/0998/references

http://www.us-cert.gov/cas/techalerts/TA08-087A.html

http://www.ubuntu.com/usn/usn-592-1

http://www.securitytracker.com/id?1019704

http://www.securityfocus.com/bid/28448

http://www.securityfocus.com/archive/1/490196/100/0/threaded

http://www.mozilla.org/security/announce/2008/mfsa2008-17.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:080

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.debian.org/security/2008/dsa-1535

http://www.debian.org/security/2008/dsa-1534

http://www.debian.org/security/2008/dsa-1532

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://secunia.com/advisories/30620

http://secunia.com/advisories/30327

http://secunia.com/advisories/29645

http://secunia.com/advisories/29616

http://secunia.com/advisories/29560

http://secunia.com/advisories/29558

http://secunia.com/advisories/29547

http://secunia.com/advisories/29541

http://secunia.com/advisories/29539

http://secunia.com/advisories/29526

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

http://0x90.eu/ff_tls_poc.html

Details

Source: Mitre, NVD

Published: 2007-09-13

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High