CVE-2007-0802

MEDIUM

Description

Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.

References

http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0516.html

http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php

http://osvdb.org/33705

http://www.securityfocus.com/archive/1/459265/100/0/threaded

https://bugzilla.mozilla.org/show_bug.cgi?id=367538

Details

Source: MITRE

Published: 2007-02-07

Updated: 2018-10-16

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (6 total)

ID	Name	Product	Family	Severity
24735	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Nessus	Windows	high
3927	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
3922	Mozilla Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
24701	Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Nessus	Windows	high
800879	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800760	Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high