Lucene search

[email protected]CVE-2007-1762

HistoryMar 30, 2007 - 12:19 a.m.

CVE-2007-1762

2007-03-3000:19:00

[email protected]

web.nvd.nist.gov

cve-2007-1762

mozilla firefox

url canonicalization

phishing protection

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.4%

JSON

Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.

Affected configurations

NVD

Node

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq2.0.0.1
mozilla:firefoxmozilla firefoxeq2.0.0.2
mozilla:firefoxmozilla firefoxeq2.0.0.3

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	2.0.0.1
mozilla:firefox	mozilla firefox	eq	2.0.0.2
mozilla:firefox	mozilla firefox	eq	2.0.0.3

References

osvdb.org/34535

www.securityfocus.com/archive/1/464149/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/33486

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.4%

JSON

Related for CVE-2007-1762

prion1 cvelist1 nvd1 ubuntucve1 securityvulns1