CVE-2007-3656

MEDIUM

Description

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.

References

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt

ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://lcamtuf.coredump.cx/ffcache/

http://osvdb.org/38028

http://secunia.com/advisories/25589

http://secunia.com/advisories/25990

http://secunia.com/advisories/26072

http://secunia.com/advisories/26103

http://secunia.com/advisories/26107

http://secunia.com/advisories/26149

http://secunia.com/advisories/26151

http://secunia.com/advisories/26159

http://secunia.com/advisories/26179

http://secunia.com/advisories/26204

http://secunia.com/advisories/26205

http://secunia.com/advisories/26211

http://secunia.com/advisories/26216

http://secunia.com/advisories/26258

http://secunia.com/advisories/26271

http://secunia.com/advisories/26460

http://secunia.com/advisories/28135

http://securityreason.com/securityalert/2872

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html

http://www.debian.org/security/2007/dsa-1337

http://www.debian.org/security/2007/dsa-1338

http://www.debian.org/security/2007/dsa-1339

http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2007:152

http://www.mozilla.org/security/announce/2007/mfsa2007-24.html

http://www.novell.com/linux/security/advisories/2007_49_mozilla.html

http://www.redhat.com/support/errata/RHSA-2007-0722.html

http://www.redhat.com/support/errata/RHSA-2007-0724.html

http://www.securityfocus.com/archive/1/473191/100/0/threaded

http://www.securityfocus.com/archive/1/474226/100/0/threaded

http://www.securityfocus.com/archive/1/474542/100/0/threaded

http://www.securityfocus.com/bid/24831

http://www.securitytracker.com/id?1018411

http://www.ubuntu.com/usn/usn-490-1

http://www.vupen.com/english/advisories/2007/4256

https://bugzilla.mozilla.org/show_bug.cgi?id=387333

https://exchange.xforce.ibmcloud.com/vulnerabilities/35298

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9105

Details

Source: MITRE

Published: 2007-07-10

Updated: 2018-10-15

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM