CVE-2007-1084

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-1084
Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0490.html
http://lcamtuf.coredump.cx/ffbook
http://lcamtuf.coredump.cx/ffbook/
http://osvdb.org/33803
http://securityreason.com/securityalert/2304
http://www.heise-security.co.uk/news/85728
http://www.securityfocus.com/archive/1/460885/100/0/threaded
http://www.securityfocus.com/archive/1/460890/100/0/threaded
http://www.securityfocus.com/archive/1/460896/100/0/threaded
http://www.securityfocus.com/archive/1/461021/100/0/threaded
http://www.securityfocus.com/bid/22666
https://bugzilla.mozilla.org/show_bug.cgi?id=371179
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0490.html
http://lcamtuf.coredump.cx/ffbook
http://lcamtuf.coredump.cx/ffbook/
http://osvdb.org/33803
http://securityreason.com/securityalert/2304
http://www.heise-security.co.uk/news/85728
http://www.securityfocus.com/archive/1/460885/100/0/threaded
http://www.securityfocus.com/archive/1/460890/100/0/threaded
http://www.securityfocus.com/archive/1/460896/100/0/threaded
http://www.securityfocus.com/archive/1/461021/100/0/threaded
http://www.securityfocus.com/bid/22666
https://bugzilla.mozilla.org/show_bug.cgi?id=371179
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
History

21 Nov 2024, 00:27

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0490.html - () http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0490.html -
References () http://lcamtuf.coredump.cx/ffbook - () http://lcamtuf.coredump.cx/ffbook -
References () http://lcamtuf.coredump.cx/ffbook/ - () http://lcamtuf.coredump.cx/ffbook/ -
References () http://osvdb.org/33803 - () http://osvdb.org/33803 -
References () http://securityreason.com/securityalert/2304 - () http://securityreason.com/securityalert/2304 -
References () http://www.heise-security.co.uk/news/85728 - () http://www.heise-security.co.uk/news/85728 -
References () http://www.securityfocus.com/archive/1/460885/100/0/threaded - () http://www.securityfocus.com/archive/1/460885/100/0/threaded -
References () http://www.securityfocus.com/archive/1/460890/100/0/threaded - () http://www.securityfocus.com/archive/1/460890/100/0/threaded -
References () http://www.securityfocus.com/archive/1/460896/100/0/threaded - () http://www.securityfocus.com/archive/1/460896/100/0/threaded -
References () http://www.securityfocus.com/archive/1/461021/100/0/threaded - () http://www.securityfocus.com/archive/1/461021/100/0/threaded -
References () http://www.securityfocus.com/bid/22666 - () http://www.securityfocus.com/bid/22666 -
References () https://bugzilla.mozilla.org/show_bug.cgi?id=371179 - () https://bugzilla.mozilla.org/show_bug.cgi?id=371179 -
Information

Published : 2007-02-23 02:28

Updated : 2024-11-21 00:27

NVD link : CVE-2007-1084

Mitre link : CVE-2007-1084

CVE.ORG link : CVE-2007-1084

JSON object : View

Products Affected

mozilla

  • firefox
CWE
CWE-16

Configuration


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024