National Vulnerability Database

CVE-2007-2871 Detail

Description

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.

Source: MITRE
Last Modified: 05/31/2007

Quick Info

CVE Dictionary Entry: CVE-2007-2871
Original release date: 05/31/2007
Last revised: 10/10/2017
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6

CVSS Version 2 Metrics:
Access Vector: Network exploitable - Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification

References to Advisories, Solutions, and Tools

Hyperlink Resource Type Source Name
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 External Source HP SSRT061181
http://security.gentoo.org/glsa/glsa-200706-06.xml External Source GENTOO GLSA-200706-06
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 External Source SLACKWARE SSA:2007-152-02
http://www.debian.org/security/2007/dsa-1300 External Source DEBIAN DSA-1300
http://www.debian.org/security/2007/dsa-1306 External Source DEBIAN DSA-1306
http://www.debian.org/security/2007/dsa-1308 External Source DEBIAN DSA-1308
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120 External Source MANDRIVA MDKSA-2007:120
http://www.mandriva.com/security/advisories?name=MDKSA-2007:126 External Source MANDRIVA MDKSA-2007:126
http://www.mozilla.org/security/announce/2007/mfsa2007-17.html Vendor Advisory External Source CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-17.html
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html External Source SUSE SUSE-SA:2007:036
http://www.redhat.com/support/errata/RHSA-2007-0400.html External Source REDHAT RHSA-2007:0400
http://www.redhat.com/support/errata/RHSA-2007-0401.html External Source REDHAT RHSA-2007:0401
http://www.redhat.com/support/errata/RHSA-2007-0402.html External Source REDHAT RHSA-2007:0402
http://www.securityfocus.com/archive/1/archive/1/470172/100/200/threaded External Source BUGTRAQ 20070531 FLEA-2007-0023-1: firefox
http://www.securityfocus.com/bid/24242 External Source BID 24242
http://www.securitytracker.com/id?1018155 External Source SECTRACK 1018155
http://www.securitytracker.com/id?1018156 External Source SECTRACK 1018156
http://www.ubuntu.com/usn/usn-468-1 External Source UBUNTU USN-468-1
http://www.us-cert.gov/cas/techalerts/TA07-151A.html US Government Resource External Source CERT TA07-151A
http://www.vupen.com/english/advisories/2007/1994 External Source VUPEN ADV-2007-1994
https://exchange.xforce.ibmcloud.com/vulnerabilities/34606 External Source XF mozilla-xulpopups-spoofing(34606)
https://issues.rpath.com/browse/RPL-1424 External Source CONFIRM https://issues.rpath.com/browse/RPL-1424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433 External Source OVAL oval:org.mitre.oval:def:11433

References to Check Content

Identifier: oval:org.mitre.oval:def:11433
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11433

Technical Details

Vulnerability Type

Change History: 3 change records found