Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4879

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-4879
Last Modified 07 Mar 2011 12:00:00
Published 13 Sep 2007 02:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4879

Summary

Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.

Vulnerable Systems

Application

  • Mozilla Firefox 0.1

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.2

  • Mozilla Firefox 0.3

  • Mozilla Firefox 0.4

  • Mozilla Firefox 0.5

  • Mozilla Firefox 0.6

  • Mozilla Firefox 0.6.1

  • Mozilla Firefox 0.7

  • Mozilla Firefox 0.7.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.0.8

  • Mozilla Firefox 1.4.1

  • Mozilla Firefox 1.5

  • Mozilla Firefox 1.5.0.1

  • Mozilla Firefox 1.5.0.10

  • Mozilla Firefox 1.5.0.11

  • Mozilla Firefox 1.5.0.12

  • Mozilla Firefox 1.5.0.2

  • Mozilla Firefox 1.5.0.3

  • Mozilla Firefox 1.5.0.4

  • Mozilla Firefox 1.5.0.5

  • Mozilla Firefox 1.5.0.6

  • Mozilla Firefox 1.5.0.7

  • Mozilla Firefox 1.5.0.8

  • Mozilla Firefox 1.5.0.9

  • Mozilla Firefox 1.5.1

  • Mozilla Firefox 1.5.2

  • Mozilla Firefox 1.5.3

  • Mozilla Firefox 1.5.4

  • Mozilla Firefox 1.5.5

  • Mozilla Firefox 1.5.6

  • Mozilla Firefox 1.5.7

  • Mozilla Firefox 1.5.8

  • Mozilla Firefox 1.8

  • Mozilla Firefox 2.0

  • Mozilla Firefox 2.0.0.1

  • Mozilla Firefox 2.0.0.10

  • Mozilla Firefox 2.0.0.11

  • Mozilla Firefox 2.0.0.12

  • Mozilla Firefox 2.0.0.2

  • Mozilla Firefox 2.0.0.3

  • Mozilla Firefox 2.0.0.4

  • Mozilla Firefox 2.0.0.5

  • Mozilla Firefox 2.0.0.6

  • Mozilla Firefox 2.0.0.7

  • Mozilla Firefox 2.0.0.8

  • Mozilla Firefox 2.0.0.9

  • Mozilla Seamonkey 1.0

  • Mozilla Seamonkey 1.0.1

  • Mozilla Seamonkey 1.0.2

  • Mozilla Seamonkey 1.0.3

  • Mozilla Seamonkey 1.0.4

  • Mozilla Seamonkey 1.0.5

  • Mozilla Seamonkey 1.0.6

  • Mozilla Seamonkey 1.0.7

  • Mozilla Seamonkey 1.0.8

  • Mozilla Seamonkey 1.0.9

  • Mozilla Seamonkey 1.1

  • Mozilla Seamonkey 1.1.1

  • Mozilla Seamonkey 1.1.2

  • Mozilla Seamonkey 1.1.3

  • Mozilla Seamonkey 1.1.4

  • Mozilla Seamonkey 1.1.5

  • Mozilla Seamonkey 1.1.6

  • Mozilla Seamonkey 1.1.7

  • Mozilla Seamonkey 1.1.8


References

CERT - TA08-087A

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=395399

VUPEN - ADV-2008-1793

VUPEN - ADV-2008-0998

UBUNTU - USN-592-1

SECTRACK - 1019704

BID - 28448

BUGTRAQ - 20080327 rPSA-2008-0128-1 firefox

CONFIRM - http://www.mozilla.org/security/announce/2008/mfsa2008-17.html

MANDRIVA - MDVSA-2008:080

GENTOO - GLSA-200805-18

DEBIAN - DSA-1535

DEBIAN - DSA-1534

DEBIAN - DSA-1532

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

SUNALERT - 238492

SECUNIA - 30620

SECUNIA - 30327

SECUNIA - 29645

SECUNIA - 29616

SECUNIA - 29560

SECUNIA - 29558

SECUNIA - 29547

SECUNIA - 29541

SECUNIA - 29539

SECUNIA - 29526

SUSE - SUSE-SA:2008:019

MISC - http://0x90.eu/ff_tls_poc.html

Related Patches

Novell SUSE 2008:5164 mozilla-xulrunner security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:45:58