Lucene search

[email protected]CVE-2007-3074

HistoryJun 06, 2007 - 10:30 a.m.

CVE-2007-3074

2007-06-0610:30:00

CWE-200

[email protected]

web.nvd.nist.gov

mozilla

firefox

cve-2007-3074

file read

security vulnerability

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.016 Low

EPSS

Percentile

87.3%

JSON

Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq2.0.0.2
mozilla:firefoxmozilla firefoxeq2.0
mozilla:firefoxmozilla firefoxeq2.0.0.3
mozilla:firefoxmozilla firefoxeq2.0.0.4
mozilla:firefoxmozilla firefoxeq2.0.0.1

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	2.0.0.2
mozilla:firefox	mozilla firefox	eq	2.0
mozilla:firefox	mozilla firefox	eq	2.0.0.3
mozilla:firefox	mozilla firefox	eq	2.0.0.4
mozilla:firefox	mozilla firefox	eq	2.0.0.1

References

ha.ckers.org/blog/20070516/read-firefox-settings-poc/

larholm.com/2007/05/25/firefox-0day-local-file-reading/

larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004/

osvdb.org/35918

secunia.com/advisories/25481

www.securityfocus.com/archive/1/470500/100/0/threaded

bugzilla.mozilla.org/show_bug.cgi?id=367428

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.016 Low

EPSS

Percentile

87.3%

JSON

Related for CVE-2007-3074

ubuntucve1 prion1