Published: 13/09/2007 Updated: 30/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey prior to 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 1.0.4
mozilla firefox 1.0.7
mozilla firefox 1.0.6
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.4
mozilla firefox 1.5.1
mozilla firefox 1.5.8
mozilla firefox 1.5.7
mozilla firefox 2.0.0.2
mozilla firefox 2.0.0.3
mozilla firefox
mozilla firefox 0.10
mozilla firefox 0.6.1
mozilla firefox 0.7
mozilla firefox 1.0
mozilla firefox 1.0.3
mozilla firefox 1.4.1
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.10
mozilla firefox 1.5.0.9
mozilla firefox 1.5.0.6
mozilla firefox 2.0
mozilla firefox 2.0.0.1
mozilla firefox 2.0.0.6
mozilla firefox 2.0.0.7
mozilla firefox 0.9.1
mozilla firefox 0.9
mozilla firefox 0.4
mozilla firefox 0.5
mozilla firefox 1.0.1
mozilla firefox 1.5
mozilla firefox 1.0.8
mozilla firefox 1.5.0.11
mozilla firefox 1.5.0.12
mozilla firefox 1.5.2
mozilla firefox 1.5.0.8
mozilla firefox 1.5.6
mozilla firefox 1.5.5
mozilla firefox 2.0.0.4
mozilla firefox 2.0.0.5
mozilla firefox 0.8
mozilla firefox 0.10.1
mozilla firefox 0.7.1
mozilla firefox 0.3
mozilla firefox 0.2
mozilla firefox 1.0.2
mozilla firefox 1.0.5
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.5
mozilla firefox 1.5.3
mozilla firefox 1.5.0.7
mozilla firefox 1.8
mozilla firefox 2.0.0.10
mozilla firefox 2.0.0.11
mozilla firefox 2.0.0.8
mozilla firefox 2.0.0.9
mozilla firefox 0.9.3
mozilla firefox 0.9.2
mozilla firefox 0.6
mozilla firefox 0.1
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.9
mozilla seamonkey
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.7
mozilla seamonkey 1.1
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.7
mozilla seamonkey 1.1.6
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.5
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.5
mozilla seamonkey 1.1.4

Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws in Firefox’s character encoding handling If a user were tricked into opening a malicious web page, an attacker could perform cross-site scripting attacks (CVE-2008-0416) ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracke ...

Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead ...

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users ...

Mozilla Foundation Security Advisory 2008-17 Privacy issue with SSL Client Authentication Announced March 25, 2008 Reporter Peter Brodersen and Alexander Klink Impact Low Products Firefox, SeaMonkey Fixed in ...

CVE-2007-4879

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect