Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2007-5960

Опубликовано: 26 нояб. 2007
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3

Описание

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

РелизСтатусПримечание
dapper

released

1.5.dfsg+1.5.0.14~prepatch071125a-0ubuntu1
devel

not-affected

2.0.0.10+2nobinonly-0ubuntu2
edgy

released

2.0.0.10+0nobinonly-0ubuntu0.6.10
feisty

released

2.0.0.10+1nobinonly-0ubuntu1
gutsy

released

2.0.0.10+2nobinonly-0ubuntu1.7.10.1
upstream

released

2.0.0.10

Показывать по

Ссылки на источники

EPSS

Процентиль: 71%
0.00686
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2007-5960

redhat
больше 17 лет назад

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

nvd логотип

CVE-2007-5960

nvd
больше 17 лет назад

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

debian логотип

CVE-2007-5960

debian
больше 17 лет назад

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Re ...

github логотип

GHSA-9vw2-7m33-r6hw

github
больше 3 лет назад

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

oracle-oval логотип

ELSA-2007-1082

oracle-oval
больше 17 лет назад

ELSA-2007-1082: Critical: firefox security update (CRITICAL)

EPSS

Процентиль: 71%
0.00686
Низкий

4.3 Medium

CVSS2