CVE-2007-2871

MEDIUM

Description

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allow remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://osvdb.org/35137

http://secunia.com/advisories/25469

http://secunia.com/advisories/25476

http://secunia.com/advisories/25488

http://secunia.com/advisories/25490

http://secunia.com/advisories/25491

http://secunia.com/advisories/25533

http://secunia.com/advisories/25534

http://secunia.com/advisories/25559

http://secunia.com/advisories/25635

http://secunia.com/advisories/25647

http://secunia.com/advisories/25685

http://secunia.com/advisories/25750

http://secunia.com/advisories/25858

http://security.gentoo.org/glsa/glsa-200706-06.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857

http://www.debian.org/security/2007/dsa-1300

http://www.debian.org/security/2007/dsa-1306

http://www.debian.org/security/2007/dsa-1308

http://www.mandriva.com/security/advisories?name=MDKSA-2007:120

http://www.mandriva.com/security/advisories?name=MDKSA-2007:126

http://www.mozilla.org/security/announce/2007/mfsa2007-17.html

http://www.novell.com/linux/security/advisories/2007_36_mozilla.html

http://www.redhat.com/support/errata/RHSA-2007-0400.html

http://www.redhat.com/support/errata/RHSA-2007-0401.html

http://www.redhat.com/support/errata/RHSA-2007-0402.html

http://www.securityfocus.com/archive/1/470172/100/200/threaded

http://www.securityfocus.com/bid/24242

http://www.securitytracker.com/id?1018155

http://www.securitytracker.com/id?1018156

http://www.ubuntu.com/usn/usn-468-1

http://www.us-cert.gov/cas/techalerts/TA07-151A.html

http://www.vupen.com/english/advisories/2007/1994

https://exchange.xforce.ibmcloud.com/vulnerabilities/34606

https://issues.rpath.com/browse/RPL-1424

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433

Details

Source: MITRE

Published: 2007-06-01

Updated: 2018-10-16

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM