CVE-2007-3656

CVSS V2 Medium 6.8 CVSS V3 None
Description
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.
Overview
  • CVE ID
  • CVE-2007-3656
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2007-07-10T19:30:00
  • Last Modified Date
  • 2018-10-15T21:29:37
Weakness Enumerations
CWE URL
CWE-200 http://cwe.mitre.org/data/definitions/200.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.8
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://lcamtuf.coredump.cx/ffcache/ Exploit
https://bugzilla.mozilla.org/show_bug.cgi?id=387333 Exploit
http://www.securityfocus.com/bid/24831
http://www.mozilla.org/security/announce/2007/mfsa2007-24.html
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
http://www.debian.org/security/2007/dsa-1337
http://www.debian.org/security/2007/dsa-1338
http://www.debian.org/security/2007/dsa-1339
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://www.redhat.com/support/errata/RHSA-2007-0722.html
http://www.redhat.com/support/errata/RHSA-2007-0724.html
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
http://www.ubuntu.com/usn/usn-490-1
http://www.securitytracker.com/id?1018411
http://secunia.com/advisories/25990
http://secunia.com/advisories/26103
http://secunia.com/advisories/26107
http://secunia.com/advisories/25589
http://secunia.com/advisories/26179
http://secunia.com/advisories/26149
http://secunia.com/advisories/26151
http://secunia.com/advisories/26072
http://secunia.com/advisories/26211
http://secunia.com/advisories/26216
http://secunia.com/advisories/26204
http://secunia.com/advisories/26205
http://secunia.com/advisories/26159
http://secunia.com/advisories/26271
http://secunia.com/advisories/26258
http://secunia.com/advisories/26460
http://securityreason.com/securityalert/2872
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://secunia.com/advisories/28135
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://www.vupen.com/english/advisories/2007/4256
http://osvdb.org/38028
https://exchange.xforce.ibmcloud.com/vulnerabilities/35298
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9105
http://www.securityfocus.com/archive/1/474542/100/0/threaded
http://www.securityfocus.com/archive/1/474226/100/0/threaded
http://www.securityfocus.com/archive/1/473191/100/0/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2007-3656
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
History
Created Old Value New Value Data Type Notes
2022-05-10 18:21:38 Added to TrackCVE