
CVE-2007-5960

Status Candidate

Overview

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

Related Files

Gentoo Linux Security Advisory 200712-21
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-21 - Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and SeaMonkey does not properly check MIME types (CVE-2007-5947). Gregory Fleischer reported that the window.location property can be used to generate a fake HTTP Referer (CVE-2007-5960). Multiple memory errors have also been reported (CVE-2007-5959). Versions less than 2.0.0.11 are affected.

tags | advisory, web, protocol
systems | linux, gentoo
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | 244d0fd277ba8fac81e13a718b0d70f27593de6f68f4ffcc21be93c9017b2b37
Mandriva Linux Security Advisory 2007.246
Posted Dec 14, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.11.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | 3a44ac9de2c4396bed24377eb4612c6e732c83da09e25a365607275d31922402
Debian Linux Security Advisory 1425-1
Posted Dec 8, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1425-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | bc9da4ebc8482992a1764e554998871fa34bace3215be4be99b5e18fd4a570e9
Debian Linux Security Advisory 1424-1
Posted Dec 8, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1424-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | 0b20d0bafd53e150a885eb49067d4cd05ed44445abe390f048728fd918cd9cc3
Ubuntu Security Notice 546-2
Posted Dec 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 546-2 - USN-546-1 fixed vulnerabilities in Firefox. The upstream update included a faulty patch which caused the drawImage method of the canvas element to fail.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | cd6620ec6ef11dcd2e4ad14c25d074f47f1e99e49f81174d1ae8cd195e713a76
Ubuntu Security Notice 546-1
Posted Nov 27, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 546-1 - It was discovered that Firefox incorrectly associated redirected sites as the origin of "jar:" contents. A malicious web site could exploit this to modify or steal confidential data (such as passwords) from other web sites. Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. Gregory Fleischer discovered that it was possible to use JavaScript to manipulate Firefox's Referer header. A malicious web site could exploit this to conduct cross-site request forgeries against sites that relied only on Referer headers for protection from such attacks.

tags | advisory, web, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | eea6986dd7177cff71510c5348f3b44123fb42e4e12c02afbd9a3deb373ed2bf

packet storm

© 2024 Packet Storm. All rights reserved.