CVE-2007-0802

MEDIUM

Description

Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which are not caught by the Phishing List blacklist filter.

References

http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0516.html

http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php

http://osvdb.org/33705

http://www.securityfocus.com/archive/1/459265/100/0/threaded

https://bugzilla.mozilla.org/show_bug.cgi?id=367538

Details

Source: MITRE

Published: 2007-02-07

Updated: 2018-10-16

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM