CVE-2007-5960

2007-11-2600:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.014 Low

EPSS

Percentile

86.5%

JSON

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer
header to the window or frame in which script is running, instead of the
address of the content that initiated the script, which allows remote
attackers to spoof HTTP Referer headers and bypass Referer-based CSRF
protection schemes by setting window.location and using a modal alert
dialog that causes the wrong Referer to be sent.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchfirefox< 1.5.dfsg+1.5.0.14~prepatch071125a-0ubuntu1UNKNOWN
ubuntu6.10noarchfirefox< 2.0.0.10+0nobinonly-0ubuntu0.6.10UNKNOWN
ubuntu7.04noarchfirefox< 2.0.0.10+1nobinonly-0ubuntu1UNKNOWN
ubuntu7.10noarchfirefox< 2.0.0.10+2nobinonly-0ubuntu1.7.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	firefox	< 1.5.dfsg+1.5.0.14~prepatch071125a-0ubuntu1	UNKNOWN
ubuntu	6.10	noarch	firefox	< 2.0.0.10+0nobinonly-0ubuntu0.6.10	UNKNOWN
ubuntu	7.04	noarch	firefox	< 2.0.0.10+1nobinonly-0ubuntu1	UNKNOWN
ubuntu	7.10	noarch	firefox	< 2.0.0.10+2nobinonly-0ubuntu1.7.10.1	UNKNOWN