CVE-2007-4879

MEDIUM

Description

Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction and automatically send these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.

References

http://0x90.eu/ff_tls_poc.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html

http://secunia.com/advisories/29526

http://secunia.com/advisories/29539

http://secunia.com/advisories/29541

http://secunia.com/advisories/29547

http://secunia.com/advisories/29558

http://secunia.com/advisories/29560

http://secunia.com/advisories/29616

http://secunia.com/advisories/29645

http://secunia.com/advisories/30327

http://secunia.com/advisories/30620

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128

http://www.debian.org/security/2008/dsa-1532

http://www.debian.org/security/2008/dsa-1534

http://www.debian.org/security/2008/dsa-1535

http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:080

http://www.mozilla.org/security/announce/2008/mfsa2008-17.html

http://www.securityfocus.com/archive/1/490196/100/0/threaded

http://www.securityfocus.com/bid/28448

http://www.securitytracker.com/id?1019704

http://www.ubuntu.com/usn/usn-592-1

http://www.us-cert.gov/cas/techalerts/TA08-087A.html

http://www.vupen.com/english/advisories/2008/0998/references

http://www.vupen.com/english/advisories/2008/1793/references

https://bugzilla.mozilla.org/show_bug.cgi?id=395399

Details

Source: MITRE

Published: 2007-09-13

Updated: 2018-10-30

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM