CVE-2007-5960
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.5 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.9%
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.
Affected configurations
References
browser.netscape.com/releasenotes/
bugs.gentoo.org/show_bug.cgi?id=198965
bugs.gentoo.org/show_bug.cgi?id=200909
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
secunia.com/advisories/27725
secunia.com/advisories/27793
secunia.com/advisories/27796
secunia.com/advisories/27797
secunia.com/advisories/27800
secunia.com/advisories/27816
secunia.com/advisories/27838
secunia.com/advisories/27845
secunia.com/advisories/27855
secunia.com/advisories/27944
secunia.com/advisories/27955
secunia.com/advisories/27957
secunia.com/advisories/27979
secunia.com/advisories/28001
secunia.com/advisories/28016
secunia.com/advisories/28171
secunia.com/advisories/28277
secunia.com/advisories/28398
secunia.com/advisories/29164
security.gentoo.org/glsa/glsa-200712-21.xml
securitytracker.com/id?1018995
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833
sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
wiki.rpath.com/Advisories:rPSA-2008-0093
wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
www.debian.org/security/2007/dsa-1424
www.debian.org/security/2007/dsa-1425
www.mandriva.com/security/advisories?name=MDKSA-2007:246
www.mozilla.org/security/announce/2007/mfsa2007-39.html
www.redhat.com/support/errata/RHSA-2007-1082.html
www.redhat.com/support/errata/RHSA-2007-1083.html
www.redhat.com/support/errata/RHSA-2007-1084.html
www.securityfocus.com/archive/1/488002/100/0/threaded
www.securityfocus.com/archive/1/488971/100/0/threaded
www.securityfocus.com/bid/26589
www.ubuntu.com/usn/usn-546-2
www.vupen.com/english/advisories/2007/4002
www.vupen.com/english/advisories/2007/4018
www.vupen.com/english/advisories/2008/0083
www.vupen.com/english/advisories/2008/0643
exchange.xforce.ibmcloud.com/vulnerabilities/38644
issues.rpath.com/browse/RPL-1984
issues.rpath.com/browse/RPL-1995
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9794
usn.ubuntu.com/546-1/
www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html
www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html
www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.5 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.9%