Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5337

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-5337
Last Modified 07 Mar 2011 10:00:31
Published 21 Oct 2007 04:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5337

Summary

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.

Vulnerable Systems

Application

  • Gnome-vfs

  • Mozilla Firefox 2.0.0.7

  • Mozilla Seamonkey 1.1.4


References

CONFIRM - http://www.mozilla.org/security/announce/2007/mfsa2007-34.html

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=381146

VUPEN - ADV-2008-0083

VUPEN - ADV-2007-3587

VUPEN - ADV-2007-3544

HP - SSRT061181

FEDORA - FEDORA-2007-2664

FEDORA - FEDORA-2007-2601

FEDORA - FEDORA-2007-3431

CONFIRM - https://issues.rpath.com/browse/RPL-1858

XF - mozilla-sftp-file-access(37287)

UBUNTU - USN-535-1

UBUNTU - USN-536-1

BID - 26132

BUGTRAQ - 20071029 rPSA-2007-0225-2 firefox thunderbird

BUGTRAQ - 20071029 FLEA-2007-0062-1 firefox

BUGTRAQ - 20071026 rPSA-2007-0225-1 firefox

REDHAT - RHSA-2007:0981

REDHAT - RHSA-2007:0980

REDHAT - RHSA-2007:0979

SUSE - SUSE-SA:2007:057

MANDRIVA - MDKSA-2007:202

GENTOO - GLSA-200711-14

DEBIAN - DSA-1401

DEBIAN - DSA-1396

DEBIAN - DSA-1392

CONFIRM - http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

SUNALERT - 201516

SECTRACK - 1018837

SECUNIA - 28398

SECUNIA - 27680

SECUNIA - 27665

SECUNIA - 27480

SECUNIA - 27425

SECUNIA - 27414

SECUNIA - 27403

SECUNIA - 27387

SECUNIA - 27383

SECUNIA - 27360

SECUNIA - 27356

SECUNIA - 27336

SECUNIA - 27335

SECUNIA - 27327

SECUNIA - 27325

SECUNIA - 27298

SECUNIA - 27276

HP - HPSBUX02153


Last Updated: 27 May 2016 10:47:26