CVE-2007-1362

2007-06-0100:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2007-1362

mozilla firefox

seamonkey

denial of service

vulnerability

nvd

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.284 Low

EPSS

Percentile

96.8%

JSON

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka “Path Abuse in Cookies.”

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq1.5.2
mozilla:firefoxmozilla firefoxeq1.5.0.6
mozilla:seamonkeymozilla seamonkeyeq1.0.9
mozilla:firefoxmozilla firefoxeq2.0.0.2
mozilla:firefoxmozilla firefoxeq1.5.0.10
mozilla:firefoxmozilla firefoxeq1.5.0.3
mozilla:firefoxmozilla firefoxeq1.5.0.11
mozilla:firefoxmozilla firefoxeq1.5.4
mozilla:firefoxmozilla firefoxeq1.5.6
mozilla:seamonkeymozilla seamonkeyeq1.1.2

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	1.5.2
mozilla:firefox	mozilla firefox	eq	1.5.0.6
mozilla:seamonkey	mozilla seamonkey	eq	1.0.9
mozilla:firefox	mozilla firefox	eq	2.0.0.2
mozilla:firefox	mozilla firefox	eq	1.5.0.10
mozilla:firefox	mozilla firefox	eq	1.5.0.3
mozilla:firefox	mozilla firefox	eq	1.5.0.11
mozilla:firefox	mozilla firefox	eq	1.5.4
mozilla:firefox	mozilla firefox	eq	1.5.6
mozilla:seamonkey	mozilla seamonkey	eq	1.1.2