CVE-2007-0779

MEDIUM

Description

GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

http://fedoranews.org/cms/node/2713

http://fedoranews.org/cms/node/2728

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

http://osvdb.org/32109

http://rhn.redhat.com/errata/RHSA-2007-0077.html

http://secunia.com/advisories/24205

http://secunia.com/advisories/24238

http://secunia.com/advisories/24287

http://secunia.com/advisories/24290

http://secunia.com/advisories/24293

http://secunia.com/advisories/24320

http://secunia.com/advisories/24328

http://secunia.com/advisories/24333

http://secunia.com/advisories/24342

http://secunia.com/advisories/24343

http://secunia.com/advisories/24384

http://secunia.com/advisories/24393

http://secunia.com/advisories/24395

http://secunia.com/advisories/24437

http://secunia.com/advisories/24455

http://secunia.com/advisories/24457

http://secunia.com/advisories/24650

http://security.gentoo.org/glsa/glsa-200703-04.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

http://www.mozilla.org/security/announce/2007/mfsa2007-04.html

http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

http://www.redhat.com/support/errata/RHSA-2007-0078.html

http://www.redhat.com/support/errata/RHSA-2007-0079.html

http://www.redhat.com/support/errata/RHSA-2007-0097.html

http://www.redhat.com/support/errata/RHSA-2007-0108.html

http://www.securityfocus.com/archive/1/461336/100/0/threaded

http://www.securityfocus.com/archive/1/461809/100/0/threaded

http://www.securityfocus.com/bid/22694

http://www.securitytracker.com/id?1017700

http://www.ubuntu.com/usn/usn-428-1

http://www.vupen.com/english/advisories/2007/0718

http://www.vupen.com/english/advisories/2008/0083

https://bugzilla.mozilla.org/show_bug.cgi?id=361298

https://issues.rpath.com/browse/RPL-1081

https://issues.rpath.com/browse/RPL-1103

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8757

Details

Source: MITRE

Published: 2007-02-26

Updated: 2018-10-16

Risk Information

CVSS v2.0

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*

Tenable Plugins

View all (35 total)

IDNameProductFamilySeverity
67455Oracle Linux 4 : Firefox (ELSA-2007-0079)NessusOracle Linux Local Security Checks
high
67454Oracle Linux 4 : thunderbird (ELSA-2007-0078)NessusOracle Linux Local Security Checks
high
67453Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0077)NessusOracle Linux Local Security Checks
high
67452Oracle Linux 4 : seamonkey (ELSA-2007-0077-2)NessusOracle Linux Local Security Checks
high
63841RHEL 5 : thunderbird (RHSA-2007:0108)NessusRed Hat Local Security Checks
high
29359SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 2683)NessusSuSE Local Security Checks
high
28022Ubuntu 6.06 LTS : firefox regression (USN-428-2)NessusUbuntu Local Security Checks
high
28021Ubuntu 5.10 / 6.06 LTS / 6.10 : firefox vulnerabilities (USN-428-1)NessusUbuntu Local Security Checks
high
27440openSUSE 10 Security Update : seamonkey (seamonkey-2811)NessusSuSE Local Security Checks
high
27439openSUSE 10 Security Update : seamonkey (seamonkey-2691)NessusSuSE Local Security Checks
high
27119openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2699)NessusSuSE Local Security Checks
high
27118openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2647)NessusSuSE Local Security Checks
high
25318RHEL 5 : firefox (RHSA-2007:0097)NessusRed Hat Local Security Checks
high
3942LedgerSMB / SQL-Ledger Authentication BypassNessus Network MonitorWeb Servers
medium
24800GLSA-200703-08 : SeaMonkey: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
24791Slackware 11.0 : seamonkey (SSA:2007-066-05)NessusSlackware Local Security Checks
high
24789Slackware 10.2 / 11.0 : mozilla-firefox (SSA:2007-066-03)NessusSlackware Local Security Checks
high
24774RHEL 4 : thunderbird (RHSA-2007:0078)NessusRed Hat Local Security Checks
high
24771GLSA-200703-04 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
24763CentOS 4 : thunderbird (CESA-2007:0078)NessusCentOS Local Security Checks
high
3931Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities (deprecated)Nessus Network MonitorSMTP Clients
medium
24753Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:050-1)NessusMandriva Local Security Checks
high
3927SeaMonkey < 1.0.8 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
24735SeaMonkey < 1.0.8 Multiple VulnerabilitiesNessusWindows
high
24729Fedora Core 6 : devhelp-0.12-10.fc6 / epiphany-2.16.3-2.fc6 / firefox-1.5.0.10-1.fc6 / etc (2007-293)NessusFedora Local Security Checks
high
24716Fedora Core 5 : firefox-1.5.0.10-1.fc5 (2007-281)NessusFedora Local Security Checks
high
3922Mozilla Firefox < 1.5.0.10 / 2.0.0.2 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
24708RHEL 4 : Firefox (RHSA-2007:0079)NessusRed Hat Local Security Checks
high
24707RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0077)NessusRed Hat Local Security Checks
high
24705FreeBSD : mozilla -- multiple vulnerabilities (12bd6ecf-c430-11db-95c5-000c6ec775d9)NessusFreeBSD Local Security Checks
high
24704CentOS 4 : firefox (CESA-2007:0079)NessusCentOS Local Security Checks
high
24703CentOS 3 / 4 : seamonkey (CESA-2007:0077)NessusCentOS Local Security Checks
high
24701Firefox < 1.5.0.10 / 2.0.0.2 Multiple VulnerabilitiesNessusWindows
high
800879SeaMonkey < 1.0.8 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800760Firefox < 1.5.0.10 / 2.0.0.2 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high