Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0516.html | Broken Link |
http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php | Broken Link Exploit Vendor Advisory |
http://osvdb.org/33705 | Broken Link |
http://www.securityfocus.com/archive/1/459265/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=367538 | Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
26 Feb 2022, 04:06
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=367538 - Issue Tracking, Third Party Advisory | |
References | (OSVDB) http://osvdb.org/33705 - Broken Link | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/459265/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (MISC) http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php - Broken Link, Exploit, Vendor Advisory | |
References | (FULLDISC) http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0516.html - Broken Link | |
CPE | cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:* | |
CWE | CWE-20 |
Information
Published : 2007-02-07 11:28
Updated : 2024-02-04 17:13
NVD link : CVE-2007-0802
Mitre link : CVE-2007-0802
CVE.ORG link : CVE-2007-0802
JSON object : View
Products Affected
opera
- opera_browser
mozilla
- firefox
CWE
CWE-20
Improper Input Validation