PRIOn knowledge basePRION:CVE-2007-0778Design/Logic Flaw
5.9 Medium
AI Score
Confidence
Low
5.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:C/I:N/A:N
0.015 Low
EPSS
Percentile
86.8%
The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 6.06 | |
| ubuntu_linux | eq | 6.10 | |
| ubuntu_linux | eq | 5.10 | |
| debian_linux | eq | 3.1 | |
| firefox | ge | 1.5 | |
| firefox | lt | 1.5.0.10 | |
| firefox | ge | 2.0 | |
| firefox | lt | 2.0.0.2 | |
| seamonkey | lt | 1.0.8 |
References
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
fedoranews.org/cms/node/2713
fedoranews.org/cms/node/2728
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
rhn.redhat.com/errata/RHSA-2007-0077.html
secunia.com/advisories/24205
secunia.com/advisories/24238
secunia.com/advisories/24287
secunia.com/advisories/24290
secunia.com/advisories/24293
secunia.com/advisories/24320
secunia.com/advisories/24328
secunia.com/advisories/24333
secunia.com/advisories/24342
secunia.com/advisories/24343
secunia.com/advisories/24384
secunia.com/advisories/24393
secunia.com/advisories/24395
secunia.com/advisories/24437
secunia.com/advisories/24455
secunia.com/advisories/24457
secunia.com/advisories/24650
secunia.com/advisories/25588
security.gentoo.org/glsa/glsa-200703-04.xml
securitytracker.com/id?1017699
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
www.debian.org/security/2007/dsa-1336
www.gentoo.org/security/en/glsa/glsa-200703-08.xml
www.mandriva.com/security/advisories?name=MDKSA-2007:050
www.mozilla.org/security/announce/2007/mfsa2007-03.html
www.novell.com/linux/security/advisories/2007_22_mozilla.html
www.osvdb.org/32110
www.redhat.com/support/errata/RHSA-2007-0078.html
www.redhat.com/support/errata/RHSA-2007-0079.html
www.redhat.com/support/errata/RHSA-2007-0097.html
www.redhat.com/support/errata/RHSA-2007-0108.html
www.securityfocus.com/archive/1/461336/100/0/threaded
www.securityfocus.com/archive/1/461809/100/0/threaded
www.securityfocus.com/bid/22694
www.ubuntu.com/usn/usn-428-1
www.vupen.com/english/advisories/2007/0718
www.vupen.com/english/advisories/2008/0083
bugzilla.mozilla.org/show_bug.cgi?id=347852
exchange.xforce.ibmcloud.com/vulnerabilities/32671
issues.rpath.com/browse/RPL-1081
issues.rpath.com/browse/RPL-1103
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9151
Related
5.9 Medium
AI Score
Confidence
Low
5.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:C/I:N/A:N
0.015 Low
EPSS
Percentile
86.8%