
CVE-2007-5960

Published: 26/11/2007 Updated: 13/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Mozilla Firefox prior to 2.0.0.10 and SeaMonkey prior to 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote malicious users to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.
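The defensive lesson of this entry is that a Referer-only CSRF gate trusts a header the server cannot verify: a browser bug such as this one delivers a first-party Referer on a cross-site request and the gate opens. The following added example (not code from the page, from Mozilla, or from any of the advisories listed here) contrasts a Referer-only check with a synchronizer-token check and a combined gate that treats the Referer as a secondary signal only. The application origin `https://bank.example`, the `Request` class and the two sample requests are constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hypothetical application origin used by the checks below (assumption).
SITE_ORIGIN = "https://bank.example"


@dataclass
class Request:
    """Minimal stand-in for a framework request object (constructed)."""
    method: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    session: dict = field(default_factory=dict)


def referer_check(req: Request) -> bool:
    """Referer-only CSRF check: passes whenever the Referer names our origin.

    This is the scheme CVE-2007-5960 defeats: the browser sent the Referer of
    the window in which the script ran instead of the origin of the content
    that initiated the request, so a cross-site request could arrive carrying
    a first-party Referer. The check verifies nothing the server itself issued."""
    parts = urlsplit(req.headers.get("Referer", ""))
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def issue_token(session: dict) -> str:
    """Store a fresh unguessable token in the server-side session and return
    it so the form can embed it in a hidden field."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def token_check(req: Request) -> bool:
    """Synchronizer-token check: the submitted form must carry the token bound
    to the caller's session. Only a page that could read the form (same-origin)
    can know it, so a wrong or spoofed Referer alone does not help."""
    expected = req.session.get("csrf_token")
    supplied = req.form.get("csrf_token")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected, supplied)


def is_allowed_state_change(req: Request) -> bool:
    """Defence in depth: the token is mandatory; the Referer, when present,
    is only an additional sanity check, never the sole gate."""
    if req.method not in ("POST", "PUT", "DELETE"):
        return True  # safe methods carry no state change
    if not token_check(req):
        return False
    if "Referer" in req.headers and not referer_check(req):
        return False
    return True


# Constructed sample traffic: one legitimate submission and one cross-site
# submission that arrives with a first-party Referer (the victim's browser
# also attaches the session cookie) but without knowledge of the token.
session = {}
legit_token = issue_token(session)

LEGIT_REQUEST = Request(
    method="POST",
    headers={"Referer": f"{SITE_ORIGIN}/transfer"},
    form={"amount": "10", "csrf_token": legit_token},
    session=session,
)

SPOOFED_REFERER_REQUEST = Request(
    method="POST",
    headers={"Referer": f"{SITE_ORIGIN}/transfer"},
    form={"amount": "10"},
    session=session,
)

if __name__ == "__main__":
    for name, req in [("legitimate", LEGIT_REQUEST),
                      ("spoofed referer", SPOOFED_REFERER_REQUEST)]:
        print(f"{name}: referer-only={referer_check(req)} "
              f"token={token_check(req)} allowed={is_allowed_state_change(req)}")
```

Running the block shows the Referer-only check accepting both requests while the token check rejects the cross-site one. The combined gate also tolerates a missing Referer, which many clients strip, so it does not push operators toward the "accept if absent" exception that makes Referer-only schemes trivially weak.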

Vulnerable Products

mozilla firefox 0.8, 0.9, 0.9.1, 0.9.2, 0.9.3, 0.10, 0.10.1
mozilla firefox 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8
mozilla firefox 1.5, 1.5.0.1, 1.5.0.2, 1.5.0.3, 1.5.0.4, 1.5.0.5, 1.5.0.6, 1.5.0.7, 1.5.0.8, 1.5.0.9, 1.5.0.10, 1.5.0.11, 1.5.0.12
mozilla firefox 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8
mozilla firefox 1.8
mozilla firefox 2.0, 2.0.0.1, 2.0.0.2, 2.0.0.3, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.7, 2.0.0.8, 2.0.0.9
mozilla seamonkey

Vendor Advisories

USN-546-1 fixed vulnerabilities in Firefox. The upstream update included a faulty patch which caused the drawImage method of the canvas element to fail. This update fixes the problem ...
It was discovered that Firefox incorrectly associated redirected sites as the origin of "jar:" contents. A malicious web site could exploit this to modify or steal confidential data (such as passwords) from other web sites (CVE-2007-5947) ...
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5947: Jesse Ruderman and Petko D. Petkov discovered that the URI handler for JAR archives allows cross-site scripting. CVE-2007-5959: Se ...
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5947: Jesse Ruderman and Petko D. Petkov discovered that the URI handler for JAR archives allows cross-site scripting. CVE ...
Mozilla Foundation Security Advisory 2007-39: Referer-spoofing via window.location race condition. Announced: November 26, 2007. Reporter: Gregory Fleischer. Impact: High. Products: Firefox, SeaMonkey. Fixed in ...

References

CWE-22
http://www.mozilla.org/security/announce/2007/mfsa2007-39.html
http://www.debian.org/security/2007/dsa-1424
http://www.debian.org/security/2007/dsa-1425
http://www.redhat.com/support/errata/RHSA-2007-1082.html
http://www.redhat.com/support/errata/RHSA-2007-1084.html
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
http://www.ubuntu.com/usn/usn-546-2
http://www.securityfocus.com/bid/26589
http://securitytracker.com/id?1018995
http://secunia.com/advisories/27725
http://secunia.com/advisories/27793
http://secunia.com/advisories/27796
http://secunia.com/advisories/27797
http://secunia.com/advisories/27816
http://secunia.com/advisories/27944
http://secunia.com/advisories/27957
http://secunia.com/advisories/28001
http://bugs.gentoo.org/show_bug.cgi?id=198965
http://bugs.gentoo.org/show_bug.cgi?id=200909
https://issues.rpath.com/browse/RPL-1984
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
http://security.gentoo.org/glsa/glsa-200712-21.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:246
http://www.redhat.com/support/errata/RHSA-2007-1083.html
http://secunia.com/advisories/28016
http://secunia.com/advisories/27955
http://secunia.com/advisories/28171
http://secunia.com/advisories/28277
http://browser.netscape.com/releasenotes/
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
http://secunia.com/advisories/27800
http://secunia.com/advisories/27838
http://secunia.com/advisories/27845
http://secunia.com/advisories/28398
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html
http://secunia.com/advisories/27855
http://secunia.com/advisories/27979
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
http://wiki.rpath.com/Advisories:rPSA-2008-0093
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
https://issues.rpath.com/browse/RPL-1995
http://secunia.com/advisories/29164
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
http://www.vupen.com/english/advisories/2007/4002
http://www.vupen.com/english/advisories/2008/0083
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://www.vupen.com/english/advisories/2007/4018
http://www.vupen.com/english/advisories/2008/0643
https://exchange.xforce.ibmcloud.com/vulnerabilities/38644
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9794
https://usn.ubuntu.com/546-1/
http://www.securityfocus.com/archive/1/488971/100/0/threaded
http://www.securityfocus.com/archive/1/488002/100/0/threaded
https://nvd.nist.gov
https://usn.ubuntu.com/546-2/