CVE-2007-0800

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-0800
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://secunia.com/advisories/24205
http://secunia.com/advisories/24238
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24293
http://secunia.com/advisories/24320
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24342
http://secunia.com/advisories/24343
http://secunia.com/advisories/24384
http://secunia.com/advisories/24393
http://secunia.com/advisories/24395
http://secunia.com/advisories/24437
http://secunia.com/advisories/24457
http://secunia.com/advisories/24650
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.osvdb.org/32108
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://www.securityfocus.com/archive/1/459162/100/0/threaded
http://www.securityfocus.com/archive/1/459163/100/0/threaded
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/bid/22396 Exploit Vendor Advisory
http://www.securityfocus.com/bid/22694
http://www.securitytracker.com/id?1017702
http://www.ubuntu.com/usn/usn-428-1
http://www.vupen.com/english/advisories/2007/0718
http://www.vupen.com/english/advisories/2008/0083
https://exchange.xforce.ibmcloud.com/vulnerabilities/32194
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10654
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://secunia.com/advisories/24205
http://secunia.com/advisories/24238
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24293
http://secunia.com/advisories/24320
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24342
http://secunia.com/advisories/24343
http://secunia.com/advisories/24384
http://secunia.com/advisories/24393
http://secunia.com/advisories/24395
http://secunia.com/advisories/24437
http://secunia.com/advisories/24457
http://secunia.com/advisories/24650
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.osvdb.org/32108
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://www.securityfocus.com/archive/1/459162/100/0/threaded
http://www.securityfocus.com/archive/1/459163/100/0/threaded
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/bid/22396 Exploit Vendor Advisory
http://www.securityfocus.com/bid/22694
http://www.securitytracker.com/id?1017702
http://www.ubuntu.com/usn/usn-428-1
http://www.vupen.com/english/advisories/2007/0718
http://www.vupen.com/english/advisories/2008/0083
https://exchange.xforce.ibmcloud.com/vulnerabilities/32194
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10654
Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
History

21 Nov 2024, 00:26

Type Values Removed Values Added
References () ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc - () ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc -
References () ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc - () ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc -
References () http://fedoranews.org/cms/node/2713 - () http://fedoranews.org/cms/node/2713 -
References () http://fedoranews.org/cms/node/2728 - () http://fedoranews.org/cms/node/2728 -
References () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 - () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 -
References () http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html - () http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html -
References () http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html - () http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html -
References () http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html - () http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html -
References () http://rhn.redhat.com/errata/RHSA-2007-0077.html - () http://rhn.redhat.com/errata/RHSA-2007-0077.html -
References () http://secunia.com/advisories/24205 - () http://secunia.com/advisories/24205 -
References () http://secunia.com/advisories/24238 - () http://secunia.com/advisories/24238 -
References () http://secunia.com/advisories/24287 - () http://secunia.com/advisories/24287 -
References () http://secunia.com/advisories/24290 - () http://secunia.com/advisories/24290 -
References () http://secunia.com/advisories/24293 - () http://secunia.com/advisories/24293 -
References () http://secunia.com/advisories/24320 - () http://secunia.com/advisories/24320 -
References () http://secunia.com/advisories/24328 - () http://secunia.com/advisories/24328 -
References () http://secunia.com/advisories/24333 - () http://secunia.com/advisories/24333 -
References () http://secunia.com/advisories/24342 - () http://secunia.com/advisories/24342 -
References () http://secunia.com/advisories/24343 - () http://secunia.com/advisories/24343 -
References () http://secunia.com/advisories/24384 - () http://secunia.com/advisories/24384 -
References () http://secunia.com/advisories/24393 - () http://secunia.com/advisories/24393 -
References () http://secunia.com/advisories/24395 - () http://secunia.com/advisories/24395 -
References () http://secunia.com/advisories/24437 - () http://secunia.com/advisories/24437 -
References () http://secunia.com/advisories/24457 - () http://secunia.com/advisories/24457 -
References () http://secunia.com/advisories/24650 - () http://secunia.com/advisories/24650 -
References () http://security.gentoo.org/glsa/glsa-200703-04.xml - () http://security.gentoo.org/glsa/glsa-200703-04.xml -
References () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 - () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 -
References () http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml - () http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 -
References () http://www.mozilla.org/security/announce/2007/mfsa2007-05.html - () http://www.mozilla.org/security/announce/2007/mfsa2007-05.html -
References () http://www.novell.com/linux/security/advisories/2007_22_mozilla.html - () http://www.novell.com/linux/security/advisories/2007_22_mozilla.html -
References () http://www.osvdb.org/32108 - () http://www.osvdb.org/32108 -
References () http://www.redhat.com/support/errata/RHSA-2007-0078.html - () http://www.redhat.com/support/errata/RHSA-2007-0078.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0079.html - () http://www.redhat.com/support/errata/RHSA-2007-0079.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0097.html - () http://www.redhat.com/support/errata/RHSA-2007-0097.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0108.html - () http://www.redhat.com/support/errata/RHSA-2007-0108.html -
References () http://www.securityfocus.com/archive/1/459162/100/0/threaded - () http://www.securityfocus.com/archive/1/459162/100/0/threaded -
References () http://www.securityfocus.com/archive/1/459163/100/0/threaded - () http://www.securityfocus.com/archive/1/459163/100/0/threaded -
References () http://www.securityfocus.com/archive/1/461336/100/0/threaded - () http://www.securityfocus.com/archive/1/461336/100/0/threaded -
References () http://www.securityfocus.com/archive/1/461809/100/0/threaded - () http://www.securityfocus.com/archive/1/461809/100/0/threaded -
References () http://www.securityfocus.com/bid/22396 - Exploit, Vendor Advisory () http://www.securityfocus.com/bid/22396 - Exploit, Vendor Advisory
References () http://www.securityfocus.com/bid/22694 - () http://www.securityfocus.com/bid/22694 -
References () http://www.securitytracker.com/id?1017702 - () http://www.securitytracker.com/id?1017702 -
References () http://www.ubuntu.com/usn/usn-428-1 - () http://www.ubuntu.com/usn/usn-428-1 -
References () http://www.vupen.com/english/advisories/2007/0718 - () http://www.vupen.com/english/advisories/2007/0718 -
References () http://www.vupen.com/english/advisories/2008/0083 - () http://www.vupen.com/english/advisories/2008/0083 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/32194 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/32194 -
References () https://issues.rpath.com/browse/RPL-1081 - () https://issues.rpath.com/browse/RPL-1081 -
References () https://issues.rpath.com/browse/RPL-1103 - () https://issues.rpath.com/browse/RPL-1103 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10654 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10654 -
Information

Published : 2007-02-07 11:28

Updated : 2024-11-21 00:26

NVD link : CVE-2007-0800

Mitre link : CVE-2007-0800

CVE.ORG link : CVE-2007-0800

JSON object : View

Products Affected

mozilla

  • firefox
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024