4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.014 Low
EPSS
Percentile
86.5%
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer
header to the window or frame in which script is running, instead of the
address of the content that initiated the script, which allows remote
attackers to spoof HTTP Referer headers and bypass Referer-based CSRF
protection schemes by setting window.location and using a modal alert
dialog that causes the wrong Referer to be sent.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | firefox | < 1.5.dfsg+1.5.0.14~prepatch071125a-0ubuntu1 | UNKNOWN |
ubuntu | 6.10 | noarch | firefox | < 2.0.0.10+0nobinonly-0ubuntu0.6.10 | UNKNOWN |
ubuntu | 7.04 | noarch | firefox | < 2.0.0.10+1nobinonly-0ubuntu1 | UNKNOWN |
ubuntu | 7.10 | noarch | firefox | < 2.0.0.10+2nobinonly-0ubuntu1.7.10.1 | UNKNOWN |