Lucene search

[email protected]CVE-2007-3072

HistoryJun 06, 2007 - 10:30 a.m.

CVE-2007-3072

2007-06-0610:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2007

3072

directory traversal

mozilla

firefox

windows

remote attackers

arbitrary files

resource uri

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.3%

JSON

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via …%5C (dot dot encoded backslash) sequences in a resource:// URI.

Affected configurations

NVD

Node

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq2.0
mozilla:firefoxmozilla firefoxeq2.0.0.1
mozilla:firefoxmozilla firefoxeq2.0.0.2
mozilla:firefoxmozilla firefoxeq2.0.0.3

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	2.0
mozilla:firefox	mozilla firefox	eq	2.0.0.1
mozilla:firefox	mozilla firefox	eq	2.0.0.2
mozilla:firefox	mozilla firefox	eq	2.0.0.3

References

ha.ckers.org/blog/20070516/read-firefox-settings-poc/

ha.ckers.org/blog/20070516/read-firefox-settings-poc/#comment-35888

larholm.com/2007/05/25/firefox-0day-local-file-reading/

larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/

osvdb.org/35922

secunia.com/advisories/25481

www.securityfocus.com/archive/1/470500/100/0/threaded

bugzilla.mozilla.org/show_bug.cgi?id=367428

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.3%

JSON

Related for CVE-2007-3072

prion1 nvd1 ubuntucve1 cvelist1