
CVE-2007-5960

Status: Candidate

Overview

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

Related Files

Gentoo Linux Security Advisory 200712-21
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-21 - Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and Seamonkey does not properly check MIME types (CVE-2007-5947). Gregory Fleischer reported that the window.location property can be used to generate a fake HTTP Referer (CVE-2007-5960). Multiple memory errors have also been reported (CVE-2007-5959). Versions less than 2.0.0.11 are affected.

tags | advisory, web, protocol
systems | linux, gentoo
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | 244d0fd277ba8fac81e13a718b0d70f27593de6f68f4ffcc21be93c9017b2b37

Mandriva Linux Security Advisory 2007.246
Posted Dec 14, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.11.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | 3a44ac9de2c4396bed24377eb4612c6e732c83da09e25a365607275d31922402

Debian Linux Security Advisory 1425-1
Posted Dec 8, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1425-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | bc9da4ebc8482992a1764e554998871fa34bace3215be4be99b5e18fd4a570e9

Debian Linux Security Advisory 1424-1
Posted Dec 8, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1424-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | 0b20d0bafd53e150a885eb49067d4cd05ed44445abe390f048728fd918cd9cc3

Ubuntu Security Notice 546-2
Posted Dec 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 546-2 - USN-546-1 fixed vulnerabilities in Firefox. The upstream update included a faulty patch which caused the drawImage method of the canvas element to fail.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | cd6620ec6ef11dcd2e4ad14c25d074f47f1e99e49f81174d1ae8cd195e713a76

Ubuntu Security Notice 546-1
Posted Nov 27, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 546-1 - It was discovered that Firefox incorrectly associated redirected sites as the origin of "jar:" contents. A malicious web site could exploit this to modify or steal confidential data (such as passwords) from other web sites. Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. Gregory Fleischer discovered that it was possible to use JavaScript to manipulate Firefox's Referer header. A malicious web site could exploit this to conduct cross-site request forgeries against sites that relied only on Referer headers for protection from such attacks.

tags | advisory, web, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | eea6986dd7177cff71510c5348f3b44123fb42e4e12c02afbd9a3deb373ed2bf
© 2022 Packet Storm. All rights reserved.