Lucene search

K

[email protected]CVE-2007-2871

HistoryJun 01, 2007 - 12:30 a.m.

CVE-2007-2871

2007-06-0100:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

29

mozilla firefox

seamonkey

cve-2007-2871

spoofing

phishing

security vulnerability

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.058 Low

EPSS

Percentile

93.3%

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser’s content pane. NOTE: this issue can be leveraged for phishing and other attacks.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq1.5.0.6
mozilla:seamonkeymozilla seamonkeyeq1.0.9
mozilla:firefoxmozilla firefoxeq2.0.0.2
mozilla:firefoxmozilla firefoxeq1.5.0.10
mozilla:firefoxmozilla firefoxeq1.5.0.3
mozilla:firefoxmozilla firefoxeq1.5.0.11
mozilla:firefoxmozilla firefoxeq1.5
mozilla:seamonkeymozilla seamonkeyeq1.1.2
mozilla:firefoxmozilla firefoxeq1.5.0.7
mozilla:firefoxmozilla firefoxeq2.0

Rows per page:

1-10 of 181

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

osvdb.org/35137

secunia.com/advisories/25469

secunia.com/advisories/25476

secunia.com/advisories/25488

secunia.com/advisories/25490

secunia.com/advisories/25491

secunia.com/advisories/25533

secunia.com/advisories/25534

secunia.com/advisories/25559

secunia.com/advisories/25635

secunia.com/advisories/25647

secunia.com/advisories/25685

secunia.com/advisories/25750

secunia.com/advisories/25858

security.gentoo.org/glsa/glsa-200706-06.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857

www.debian.org/security/2007/dsa-1300

www.debian.org/security/2007/dsa-1306

www.debian.org/security/2007/dsa-1308

www.mandriva.com/security/advisories?name=MDKSA-2007:120

www.mandriva.com/security/advisories?name=MDKSA-2007:126

www.mozilla.org/security/announce/2007/mfsa2007-17.html

www.novell.com/linux/security/advisories/2007_36_mozilla.html

www.redhat.com/support/errata/RHSA-2007-0400.html

www.redhat.com/support/errata/RHSA-2007-0401.html

www.redhat.com/support/errata/RHSA-2007-0402.html

www.securityfocus.com/archive/1/470172/100/200/threaded

www.securityfocus.com/bid/24242

www.securitytracker.com/id?1018155

www.securitytracker.com/id?1018156

www.ubuntu.com/usn/usn-468-1

www.us-cert.gov/cas/techalerts/TA07-151A.html

www.vupen.com/english/advisories/2007/1994

exchange.xforce.ibmcloud.com/vulnerabilities/34606

issues.rpath.com/browse/RPL-1424

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.058 Low

EPSS

Percentile

93.3%

Related for CVE-2007-2871

prion1 veracode1 ubuntucve1 mozilla1 securityvulns2 openvas52 nessus38 debian3 osv3 redhat3 fedora15 oraclelinux3 ubuntu1 centos4 gentoo1 suse1