Lucene search

RedhatCVELIST:CVE-2007-5960

HistoryNov 26, 2007 - 11:00 p.m.

CVE-2007-5960

2007-11-2623:00:00

redhat

www.cve.org

6.5 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.9%

JSON

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

References

browser.netscape.com/releasenotes/

bugs.gentoo.org/show_bug.cgi?id=198965

bugs.gentoo.org/show_bug.cgi?id=200909

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html

secunia.com/advisories/27725

secunia.com/advisories/27793

secunia.com/advisories/27796

secunia.com/advisories/27797

secunia.com/advisories/27800

secunia.com/advisories/27816

secunia.com/advisories/27838

secunia.com/advisories/27845

secunia.com/advisories/27855

secunia.com/advisories/27944

secunia.com/advisories/27955

secunia.com/advisories/27957

secunia.com/advisories/27979

secunia.com/advisories/28001

secunia.com/advisories/28016

secunia.com/advisories/28171

secunia.com/advisories/28277

secunia.com/advisories/28398

secunia.com/advisories/29164

security.gentoo.org/glsa/glsa-200712-21.xml

securitytracker.com/id?1018995

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833

sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1

wiki.rpath.com/Advisories:rPSA-2008-0093

wiki.rpath.com/wiki/Advisories:rPSA-2007-0260

wiki.rpath.com/wiki/Advisories:rPSA-2008-0093

www.debian.org/security/2007/dsa-1424

www.debian.org/security/2007/dsa-1425

www.mandriva.com/security/advisories?name=MDKSA-2007:246

www.mozilla.org/security/announce/2007/mfsa2007-39.html

www.redhat.com/support/errata/RHSA-2007-1082.html

www.redhat.com/support/errata/RHSA-2007-1083.html

www.redhat.com/support/errata/RHSA-2007-1084.html

www.securityfocus.com/archive/1/488002/100/0/threaded

www.securityfocus.com/archive/1/488971/100/0/threaded

www.securityfocus.com/bid/26589

www.ubuntu.com/usn/usn-546-2

www.vupen.com/english/advisories/2007/4002

www.vupen.com/english/advisories/2007/4018

www.vupen.com/english/advisories/2008/0083

www.vupen.com/english/advisories/2008/0643

exchange.xforce.ibmcloud.com/vulnerabilities/38644

issues.rpath.com/browse/RPL-1984

issues.rpath.com/browse/RPL-1995

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9794

usn.ubuntu.com/546-1/

www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html

www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html

www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html

www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html