Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2007-ALE-012
Vulnerability from certfr_alerte
Plusieurs vulnérabilités sont présentes dans Mozilla Firefox et permettent à un utilisateur distant de porter atteinte à la confidentialité des données ou potentiellement d'exécuter du code arbitraire sur la machine vulnérable.
Description
Plusieurs vulnérabilités dont certaines ont déjà été abordées dans nos bulletins d'actualités sont présentes dans le navigateur Mozilla Firefox :
- une première concerne une erreur mal corrigée relative au contexte de navigation ressource:// qui permettrait un accès à certains fichiers de la machine vulnérable. Un article dans le bulletin d'actualité CERTA-2007-ACT-020 détaille cette vulnérabilité. Il est à noter que la faille n'est que partiellement corrigée et permet encore l'accès à certains fichiers.
- une seconde concerne le système de mise à jour des extensions dans Firefox. Un manque de contrôle dans la manière dont les mises à jour des extensions sont effectuées permet l'utilisation de protocoles non-sûrs. Les détails de cette faille sont présentés dans CERTA-2007-ACT-022.
- une troisième et dernière vulnérabilité plus récente se rapporte à la gestion des IFRAMES et permettrait d'associer une gestion arbitraire d'événements comme des frappes claviers dans le contexte d'une page particulière. Ainsi, il serait possible de capturer des éléments fournis par un utilisateur dans un formulaire et cela à son insu.
- une quatrième vulnérabilité est dûe au fait que Firefox ne filtre pas correctement les extensions des fichiers qui lui sont fournis en URL. Il est ainsi possible de modifier le comportement de Firefox vis-à-vis d'un fichier par le biais d'une extension construite de façon particulière. Cette faille permet donc à un utilisateur malveillant d'exécuter du code arbitraire à distance.
Contournement provisoire
De façon générale et en particulier pour la troisième vulnérabilité, il
est fortement recommandé de désactiver par défaut le support des
Javascript dans Firefox.
L'accumulation de vulnérabilités dans Firefox peut rendre également
préférable l'utilisation d'un navigateur alternatif autre que ceux basés
sur le moteur de rendu de Firefox : Gecko.
Solution
Se reporter à la mise à jour de Mozilla Firefox, version 2.0.0.5, publiée le 17 juillet 2007, et détaillée dans l'avis CERTA-2007-AVI-318.
Firefox versions 2.0.0.4 et antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eFirefox versions 2.0.0.4 et ant\u00e9rieures.\u003c/p\u003e",
"closed_at": "2007-07-18",
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dont certaines ont d\u00e9j\u00e0 \u00e9t\u00e9 abord\u00e9es dans nos\nbulletins d\u0027actualit\u00e9s sont pr\u00e9sentes dans le navigateur Mozilla Firefox\n:\n\n- une premi\u00e8re concerne une erreur mal corrig\u00e9e relative au contexte\n de navigation ressource:// qui permettrait un acc\u00e8s \u00e0 certains\n fichiers de la machine vuln\u00e9rable. Un article dans le bulletin\n d\u0027actualit\u00e9 CERTA-2007-ACT-020 d\u00e9taille cette vuln\u00e9rabilit\u00e9. Il est\n \u00e0 noter que la faille n\u0027est que partiellement corrig\u00e9e et permet\n encore l\u0027acc\u00e8s \u00e0 certains fichiers.\n- une seconde concerne le syst\u00e8me de mise \u00e0 jour des extensions dans\n Firefox. Un manque de contr\u00f4le dans la mani\u00e8re dont les mises \u00e0 jour\n des extensions sont effectu\u00e9es permet l\u0027utilisation de protocoles\n non-s\u00fbrs. Les d\u00e9tails de cette faille sont pr\u00e9sent\u00e9s dans\n CERTA-2007-ACT-022.\n- une troisi\u00e8me et derni\u00e8re vuln\u00e9rabilit\u00e9 plus r\u00e9cente se rapporte \u00e0\n la gestion des IFRAMES et permettrait d\u0027associer une gestion\n arbitraire d\u0027\u00e9v\u00e9nements comme des frappes claviers dans le contexte\n d\u0027une page particuli\u00e8re. Ainsi, il serait possible de capturer des\n \u00e9l\u00e9ments fournis par un utilisateur dans un formulaire et cela \u00e0 son\n insu.\n- une quatri\u00e8me vuln\u00e9rabilit\u00e9 est d\u00fbe au fait que Firefox ne filtre\n pas correctement les extensions des fichiers qui lui sont fournis en\n URL. Il est ainsi possible de modifier le comportement de Firefox\n vis-\u00e0-vis d\u0027un fichier par le biais d\u0027une extension construite de\n fa\u00e7on particuli\u00e8re. Cette faille permet donc \u00e0 un utilisateur\n malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Contournement provisoire\n\nDe fa\u00e7on g\u00e9n\u00e9rale et en particulier pour la troisi\u00e8me vuln\u00e9rabilit\u00e9, il\nest fortement recommand\u00e9 de d\u00e9sactiver par d\u00e9faut le support des\nJavascript dans Firefox. \nL\u0027accumulation de vuln\u00e9rabilit\u00e9s dans Firefox peut rendre \u00e9galement\npr\u00e9f\u00e9rable l\u0027utilisation d\u0027un navigateur alternatif autre que ceux bas\u00e9s\nsur le moteur de rendu de Firefox : Gecko.\n\n## Solution\n\nSe reporter \u00e0 la mise \u00e0 jour de Mozilla Firefox, version 2.0.0.5,\npubli\u00e9e le 17 juillet 2007, et d\u00e9taill\u00e9e dans l\u0027avis CERTA-2007-AVI-318.\n",
"cves": [
{
"name": "CVE-2007-3074",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3074"
},
{
"name": "CVE-2007-3072",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3072"
},
{
"name": "CVE-2007-3089",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3089"
},
{
"name": "CVE-2007-3073",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3073"
}
],
"initial_release_date": "2007-06-06T00:00:00",
"last_revision_date": "2007-07-18T00:00:00",
"links": [
{
"title": "Bulletin d\u0027actualit\u00e9 CERTA-2007-ACT-022 du 01 juin 2007 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ACT-022.pdf"
},
{
"title": "Avis du CERTA CERTA-2007-AVI-318 du 18 juillet 2007 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-318"
},
{
"title": "Bulletin d\u0027actualit\u00e9 CERTA-2007-ACT-020 du 18 mai 2007 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ACT-020.pdf"
},
{
"title": "Rapport de coquille Mozilla #382686 :",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686"
},
{
"title": "Rapport de coquille Mozilla #381300 :",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=381300"
}
],
"reference": "CERTA-2007-ALE-012",
"revisions": [
{
"description": "version initiale ;",
"revision_date": "2007-06-06T00:00:00.000000"
},
{
"description": "ajout de la quatri\u00e8me vuln\u00e9rabilit\u00e9 relative aux extensions de fichiers ;",
"revision_date": "2007-06-08T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences CVE.",
"revision_date": "2007-06-13T00:00:00.000000"
},
{
"description": "ajout de la section \u003cTT\u003eSolution\u003c/TT\u003e, suite \u00e0 la publication de la nouvelle version 2.0.0.5 de Firefox.",
"revision_date": "2007-07-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Mozilla Firefox et\npermettent \u00e0 un utilisateur distant de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es ou potentiellement d\u0027ex\u00e9cuter du code\narbitraire sur la machine vuln\u00e9rable.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": []
}
CVE-2007-3072 (GCVE-0-2007-3072)
Vulnerability from cvelistv5
Published
2007-06-06 10:00
Modified
2024-08-07 14:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:28.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070604 Unpatched input validation flaw in Firefox 2.0.0.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470500/100/0/threaded"
},
{
"name": "35922",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35922"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/#comment-35888"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428"
},
{
"name": "25481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070604 Unpatched input validation flaw in Firefox 2.0.0.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470500/100/0/threaded"
},
{
"name": "35922",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35922"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/#comment-35888"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428"
},
{
"name": "25481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070604 Unpatched input validation flaw in Firefox 2.0.0.4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470500/100/0/threaded"
},
{
"name": "35922",
"refsource": "OSVDB",
"url": "http://osvdb.org/35922"
},
{
"name": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/",
"refsource": "MISC",
"url": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/"
},
{
"name": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/",
"refsource": "MISC",
"url": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/"
},
{
"name": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/",
"refsource": "MISC",
"url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/"
},
{
"name": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/#comment-35888",
"refsource": "MISC",
"url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/#comment-35888"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428"
},
{
"name": "25481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3072",
"datePublished": "2007-06-06T10:00:00",
"dateReserved": "2007-06-05T00:00:00",
"dateUpdated": "2024-08-07T14:05:28.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3073 (GCVE-0-2007-3073)
Vulnerability from cvelistv5
Published
2007-06-06 10:00
Modified
2024-08-07 14:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:28.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070604 Unpatched input validation flaw in Firefox 2.0.0.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470500/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=380994"
},
{
"name": "25481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25481"
},
{
"name": "35920",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35920"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070604 Unpatched input validation flaw in Firefox 2.0.0.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470500/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=380994"
},
{
"name": "25481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25481"
},
{
"name": "35920",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35920"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070604 Unpatched input validation flaw in Firefox 2.0.0.4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470500/100/0/threaded"
},
{
"name": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/",
"refsource": "MISC",
"url": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/"
},
{
"name": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/",
"refsource": "MISC",
"url": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/"
},
{
"name": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/",
"refsource": "MISC",
"url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=380994",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=380994"
},
{
"name": "25481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25481"
},
{
"name": "35920",
"refsource": "OSVDB",
"url": "http://osvdb.org/35920"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3073",
"datePublished": "2007-06-06T10:00:00",
"dateReserved": "2007-06-05T00:00:00",
"dateUpdated": "2024-08-07T14:05:28.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3089 (GCVE-0-2007-3089)
Vulnerability from cvelistv5
Published
2007-06-06 21:00
Modified
2024-08-07 14:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:28.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-490-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-490-1"
},
{
"name": "1018412",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018412"
},
{
"name": "26107",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26107"
},
{
"name": "VU#143297",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/143297"
},
{
"name": "26179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26179"
},
{
"name": "ADV-2007-4256",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4256"
},
{
"name": "25589",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25589"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lcamtuf.coredump.cx/ifsnatch/"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "MDKSA-2007:152",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
},
{
"name": "GLSA-200708-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-20.html"
},
{
"name": "DSA-1339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1339"
},
{
"name": "oval:org.mitre.oval:def:11122",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122"
},
{
"name": "TA07-199A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
},
{
"name": "26151",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26151"
},
{
"name": "20070604 Assorted browser vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html"
},
{
"name": "firefox-iframe-security-bypass(34701)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34701"
},
{
"name": "28135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28135"
},
{
"name": "20070604 Assorted browser vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470446/100/0/threaded"
},
{
"name": "26216",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26216"
},
{
"name": "26103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26103"
},
{
"name": "24286",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24286"
},
{
"name": "26072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26072"
},
{
"name": "26149",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26149"
},
{
"name": "103177",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1"
},
{
"name": "ADV-2007-2564",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2564"
},
{
"name": "DSA-1337",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1337"
},
{
"name": "26211",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26211"
},
{
"name": "2781",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2781"
},
{
"name": "26159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26159"
},
{
"name": "SUSE-SA:2007:049",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "DSA-1338",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1338"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=381300"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
},
{
"name": "26095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26095"
},
{
"name": "20070724 FLEA-2007-0033-1: firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474542/100/0/threaded"
},
{
"name": "26258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26258"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686"
},
{
"name": "26460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26460"
},
{
"name": "26106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26106"
},
{
"name": "20070701-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686"
},
{
"name": "RHSA-2007:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0724.html"
},
{
"name": "20070720 rPSA-2007-0148-1 firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474226/100/0/threaded"
},
{
"name": "RHSA-2007:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0723.html"
},
{
"name": "26271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26271"
},
{
"name": "38024",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38024"
},
{
"name": "RHSA-2007:0722",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0722.html"
},
{
"name": "201516",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=381300"
},
{
"name": "26204",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26204"
},
{
"name": "26205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the \"promiscuous IFRAME access bug,\" a related issue to CVE-2006-4568."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-490-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-490-1"
},
{
"name": "1018412",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018412"
},
{
"name": "26107",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26107"
},
{
"name": "VU#143297",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/143297"
},
{
"name": "26179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26179"
},
{
"name": "ADV-2007-4256",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4256"
},
{
"name": "25589",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25589"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lcamtuf.coredump.cx/ifsnatch/"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "MDKSA-2007:152",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
},
{
"name": "GLSA-200708-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-20.html"
},
{
"name": "DSA-1339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1339"
},
{
"name": "oval:org.mitre.oval:def:11122",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122"
},
{
"name": "TA07-199A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
},
{
"name": "26151",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26151"
},
{
"name": "20070604 Assorted browser vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html"
},
{
"name": "firefox-iframe-security-bypass(34701)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34701"
},
{
"name": "28135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28135"
},
{
"name": "20070604 Assorted browser vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470446/100/0/threaded"
},
{
"name": "26216",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26216"
},
{
"name": "26103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26103"
},
{
"name": "24286",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24286"
},
{
"name": "26072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26072"
},
{
"name": "26149",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26149"
},
{
"name": "103177",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1"
},
{
"name": "ADV-2007-2564",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2564"
},
{
"name": "DSA-1337",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1337"
},
{
"name": "26211",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26211"
},
{
"name": "2781",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2781"
},
{
"name": "26159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26159"
},
{
"name": "SUSE-SA:2007:049",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "DSA-1338",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1338"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=381300"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
},
{
"name": "26095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26095"
},
{
"name": "20070724 FLEA-2007-0033-1: firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474542/100/0/threaded"
},
{
"name": "26258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26258"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686"
},
{
"name": "26460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26460"
},
{
"name": "26106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26106"
},
{
"name": "20070701-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686"
},
{
"name": "RHSA-2007:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0724.html"
},
{
"name": "20070720 rPSA-2007-0148-1 firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474226/100/0/threaded"
},
{
"name": "RHSA-2007:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0723.html"
},
{
"name": "26271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26271"
},
{
"name": "38024",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38024"
},
{
"name": "RHSA-2007:0722",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0722.html"
},
{
"name": "201516",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=381300"
},
{
"name": "26204",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26204"
},
{
"name": "26205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the \"promiscuous IFRAME access bug,\" a related issue to CVE-2006-4568."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-490-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-490-1"
},
{
"name": "1018412",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018412"
},
{
"name": "26107",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26107"
},
{
"name": "VU#143297",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/143297"
},
{
"name": "26179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26179"
},
{
"name": "ADV-2007-4256",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4256"
},
{
"name": "25589",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25589"
},
{
"name": "http://lcamtuf.coredump.cx/ifsnatch/",
"refsource": "MISC",
"url": "http://lcamtuf.coredump.cx/ifsnatch/"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "MDKSA-2007:152",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
},
{
"name": "GLSA-200708-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml"
},
{
"name": "http://www.mozilla.org/security/announce/2007/mfsa2007-20.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-20.html"
},
{
"name": "DSA-1339",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1339"
},
{
"name": "oval:org.mitre.oval:def:11122",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122"
},
{
"name": "TA07-199A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
},
{
"name": "26151",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26151"
},
{
"name": "20070604 Assorted browser vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html"
},
{
"name": "firefox-iframe-security-bypass(34701)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34701"
},
{
"name": "28135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28135"
},
{
"name": "20070604 Assorted browser vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470446/100/0/threaded"
},
{
"name": "26216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26216"
},
{
"name": "26103",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26103"
},
{
"name": "24286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24286"
},
{
"name": "26072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26072"
},
{
"name": "26149",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26149"
},
{
"name": "103177",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1"
},
{
"name": "ADV-2007-2564",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2564"
},
{
"name": "DSA-1337",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1337"
},
{
"name": "26211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26211"
},
{
"name": "2781",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2781"
},
{
"name": "26159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26159"
},
{
"name": "SUSE-SA:2007:049",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "DSA-1338",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1338"
},
{
"name": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt",
"refsource": "CONFIRM",
"url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=381300",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=381300"
},
{
"name": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
},
{
"name": "26095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26095"
},
{
"name": "20070724 FLEA-2007-0033-1: firefox thunderbird",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474542/100/0/threaded"
},
{
"name": "26258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26258"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686"
},
{
"name": "26460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26460"
},
{
"name": "26106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26106"
},
{
"name": "20070701-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686"
},
{
"name": "RHSA-2007:0724",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0724.html"
},
{
"name": "20070720 rPSA-2007-0148-1 firefox thunderbird",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474226/100/0/threaded"
},
{
"name": "RHSA-2007:0723",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0723.html"
},
{
"name": "26271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26271"
},
{
"name": "38024",
"refsource": "OSVDB",
"url": "http://osvdb.org/38024"
},
{
"name": "RHSA-2007:0722",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0722.html"
},
{
"name": "201516",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=381300",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=381300"
},
{
"name": "26204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26204"
},
{
"name": "26205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3089",
"datePublished": "2007-06-06T21:00:00",
"dateReserved": "2007-06-06T00:00:00",
"dateUpdated": "2024-08-07T14:05:28.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3074 (GCVE-0-2007-3074)
Vulnerability from cvelistv5
Published
2007-06-06 10:00
Modified
2024-08-07 14:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070604 Unpatched input validation flaw in Firefox 2.0.0.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470500/100/0/threaded"
},
{
"name": "35918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35918"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428"
},
{
"name": "25481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070604 Unpatched input validation flaw in Firefox 2.0.0.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470500/100/0/threaded"
},
{
"name": "35918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35918"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428"
},
{
"name": "25481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070604 Unpatched input validation flaw in Firefox 2.0.0.4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470500/100/0/threaded"
},
{
"name": "35918",
"refsource": "OSVDB",
"url": "http://osvdb.org/35918"
},
{
"name": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/",
"refsource": "MISC",
"url": "http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/"
},
{
"name": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/",
"refsource": "MISC",
"url": "http://larholm.com/2007/05/25/firefox-0day-local-file-reading/"
},
{
"name": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/",
"refsource": "MISC",
"url": "http://ha.ckers.org/blog/20070516/read-firefox-settings-poc/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=367428"
},
{
"name": "25481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3074",
"datePublished": "2007-06-06T10:00:00",
"dateReserved": "2007-06-05T00:00:00",
"dateUpdated": "2024-08-07T14:05:29.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…