CVE-2007-5334

critical

Description

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute.

References

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html

https://usn.ubuntu.com/535-1/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11482

https://issues.rpath.com/browse/RPL-1858

https://exchange.xforce.ibmcloud.com/vulnerabilities/37286

https://bugzilla.mozilla.org/show_bug.cgi?id=391043

http://www.vupen.com/english/advisories/2008/0083

http://www.vupen.com/english/advisories/2007/3587

http://www.vupen.com/english/advisories/2007/3544

http://www.ubuntu.com/usn/usn-536-1

http://www.securityfocus.com/bid/26132

http://www.securityfocus.com/archive/1/482932/100/200/threaded

http://www.securityfocus.com/archive/1/482925/100/0/threaded

http://www.securityfocus.com/archive/1/482876/100/200/threaded

http://www.redhat.com/support/errata/RHSA-2007-0981.html

http://www.redhat.com/support/errata/RHSA-2007-0980.html

http://www.redhat.com/support/errata/RHSA-2007-0979.html

http://www.novell.com/linux/security/advisories/2007_57_mozilla.html

http://www.mozilla.org/security/announce/2007/mfsa2007-33.html

http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202

http://www.kb.cert.org/vuls/id/349217

http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml

http://www.debian.org/security/2007/dsa-1401

http://www.debian.org/security/2007/dsa-1396

http://www.debian.org/security/2007/dsa-1392

http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

http://securitytracker.com/id?1018837

http://secunia.com/advisories/28398

http://secunia.com/advisories/27680

http://secunia.com/advisories/27665

http://secunia.com/advisories/27480

http://secunia.com/advisories/27425

http://secunia.com/advisories/27414

http://secunia.com/advisories/27403

http://secunia.com/advisories/27387

http://secunia.com/advisories/27383

http://secunia.com/advisories/27360

http://secunia.com/advisories/27356

http://secunia.com/advisories/27336

http://secunia.com/advisories/27335

http://secunia.com/advisories/27327

http://secunia.com/advisories/27325

http://secunia.com/advisories/27315

http://secunia.com/advisories/27311

http://secunia.com/advisories/27298

http://secunia.com/advisories/27276

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Details

Source: Mitre, NVD

Published: 2007-10-21

Updated: 2018-10-15

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical