Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2007-4357
Last Modified: 05 Sep 2008 05:28:02
Published: 14 Aug 2007 08:17:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-4357

Summary

Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified.

Vulnerable Systems

Application

  • Mozilla Firefox 2.0.0.6


References

BUGTRAQ - 20070809 Re:Re: [ELEYTT] 3SIERPIEN2007

BUGTRAQ - 20070806 Re: [ELEYTT] 3SIERPIEN2007

BUGTRAQ - 20070804 Re:Re: [ELEYTT] 3SIERPIEN2007

BUGTRAQ - 20070803 Re: [ELEYTT] 3SIERPIEN2007

BUGTRAQ - 20070803 [ELEYTT] 3SIERPIEN2007

MISC - http://www.eleytt.com/michal.bucko/Eleytt_PhishAGoGo/bucked2.html

MISC - http://my.opera.com/MichalBucko/blog/firefox-2-0-0-5-uri-encoding-allows-phishing


Last Updated: 27 May 2016 10:45:50