Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2007-5960
Last Modified 07 Mar 2011 12:00:00
Published 26 Nov 2007 06:46:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5960

Summary

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 set the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

Vulnerable Systems

Application

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.0.8

  • Mozilla Firefox 1.5

  • Mozilla Firefox 1.5.0.1

  • Mozilla Firefox 1.5.0.10

  • Mozilla Firefox 1.5.0.11

  • Mozilla Firefox 1.5.0.12

  • Mozilla Firefox 1.5.0.2

  • Mozilla Firefox 1.5.0.3

  • Mozilla Firefox 1.5.0.4

  • Mozilla Firefox 1.5.0.5

  • Mozilla Firefox 1.5.0.6

  • Mozilla Firefox 1.5.0.7

  • Mozilla Firefox 1.5.0.8

  • Mozilla Firefox 1.5.0.9

  • Mozilla Firefox 1.5.1

  • Mozilla Firefox 1.5.2

  • Mozilla Firefox 1.5.3

  • Mozilla Firefox 1.5.4

  • Mozilla Firefox 1.5.5

  • Mozilla Firefox 1.5.6

  • Mozilla Firefox 1.5.7

  • Mozilla Firefox 1.5.8

  • Mozilla Firefox 1.8

  • Mozilla Firefox 2.0

  • Mozilla Firefox 2.0.0.1

  • Mozilla Firefox 2.0.0.2

  • Mozilla Firefox 2.0.0.3

  • Mozilla Firefox 2.0.0.4

  • Mozilla Firefox 2.0.0.5

  • Mozilla Firefox 2.0.0.6

  • Mozilla Firefox 2.0.0.7

  • Mozilla Firefox 2.0.0.8

  • Mozilla Firefox 2.0.0.9

  • Mozilla SeaMonkey 1.1.7


References

FEDORA - FEDORA-2007-3952

FEDORA - FEDORA-2007-4098

FEDORA - FEDORA-2007-4106

FEDORA - FEDORA-2007-756

CONFIRM - https://issues.rpath.com/browse/RPL-1995

CONFIRM - https://issues.rpath.com/browse/RPL-1984

XF - mozilla-http-referer-spoofing(38644)

VUPEN - ADV-2008-0643

VUPEN - ADV-2008-0083

VUPEN - ADV-2007-4018

VUPEN - ADV-2007-4002

UBUNTU - USN-546-1

UBUNTU - USN-546-2

BID - 26589

BUGTRAQ - 20080229 rPSA-2008-0093-1 thunderbird

BUGTRAQ - 20080212 FLEA-2008-0001-1 firefox

REDHAT - RHSA-2007:1084

REDHAT - RHSA-2007:1083

REDHAT - RHSA-2007:1082

CONFIRM - http://www.mozilla.org/security/announce/2007/mfsa2007-39.html

MANDRIVA - MDKSA-2007:246

DEBIAN - DSA-1425

DEBIAN - DSA-1424

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0093

SUNALERT - 1018977

SUNALERT - 231441

SLACKWARE - SSA:2007-331-01

SLACKWARE - SSA:2007-333-01

SECTRACK - 1018995

GENTOO - GLSA-200712-21

SECUNIA - 28398

SECUNIA - 28277

SECUNIA - 28171

SECUNIA - 28016

SECUNIA - 28001

SECUNIA - 27979

SECUNIA - 27957

SECUNIA - 27955

SECUNIA - 27944

SECUNIA - 27855

SECUNIA - 27845

SECUNIA - 27838

SECUNIA - 27816

SECUNIA - 27800

SECUNIA - 27797

SECUNIA - 27796

SECUNIA - 27793

SECUNIA - 27725

SUSE - SUSE-SA:2007:066

HP - SSRT061181

HP - HPSBUX02153

MISC - http://bugs.gentoo.org/show_bug.cgi?id=200909

MISC - http://bugs.gentoo.org/show_bug.cgi?id=198965

CONFIRM - http://browser.netscape.com/releasenotes/

SECUNIA - 29164


Last Updated: 27 May 2016 10:46:20