CVE-2007-2871

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://osvdb.org/35137
http://secunia.com/advisories/25469
http://secunia.com/advisories/25476
http://secunia.com/advisories/25488
http://secunia.com/advisories/25490
http://secunia.com/advisories/25491
http://secunia.com/advisories/25533
http://secunia.com/advisories/25534
http://secunia.com/advisories/25559
http://secunia.com/advisories/25635
http://secunia.com/advisories/25647
http://secunia.com/advisories/25685
http://secunia.com/advisories/25750
http://secunia.com/advisories/25858
http://security.gentoo.org/glsa/glsa-200706-06.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
http://www.debian.org/security/2007/dsa-1300
http://www.debian.org/security/2007/dsa-1306
http://www.debian.org/security/2007/dsa-1308
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
http://www.mozilla.org/security/announce/2007/mfsa2007-17.html	Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0400.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://www.securityfocus.com/archive/1/470172/100/200/threaded
http://www.securityfocus.com/bid/24242
http://www.securitytracker.com/id?1018155
http://www.securitytracker.com/id?1018156
http://www.ubuntu.com/usn/usn-468-1
http://www.us-cert.gov/cas/techalerts/TA07-151A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/1994
https://exchange.xforce.ibmcloud.com/vulnerabilities/34606
https://issues.rpath.com/browse/RPL-1424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:1.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*
	cpe:2.3:a:mozilla:firefox:2.0:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*

History

No history.

Information

Published : 2007-06-01 00:30

Updated : 2024-02-04 17:13

NVD link : CVE-2007-2871

Mitre link : CVE-2007-2871

CVE.ORG link : CVE-2007-2871

JSON object : View

Products Affected

mozilla

firefox
seamonkey

CWE

NVD-CWE-Other

4.3 /10