CVE-2007-5337

CVSS V2 Medium 4.3 CVSS V3 None

Description

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.

Overview

CVE ID
CVE-2007-5337

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2007-10-21T20:17:00

Last Modified Date
2018-10-15T21:43:03

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:o:linux:linux_kernel::::::::	0	OR
cpe:2.3:a:gnome:gnome-vfs::::::::	1	OR
cpe:2.3:a:mozilla:firefox::::::::	1	OR	2.0.0.7
cpe:2.3:a:mozilla:seamonkey::::::::	1	OR	1.1.4

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
NONE

Availability Impact
NONE

Base Score
4.3

Severity
MEDIUM

Exploitability Score
8.6

Impact Score
2.9

References

Reference URL	Reference Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=381146
http://www.mozilla.org/security/announce/2007/mfsa2007-34.html	Patch
https://issues.rpath.com/browse/RPL-1858
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.debian.org/security/2007/dsa-1396
http://www.debian.org/security/2007/dsa-1401
http://www.debian.org/security/2007/dsa-1392
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://www.redhat.com/support/errata/RHSA-2007-0979.html
http://www.redhat.com/support/errata/RHSA-2007-0980.html
http://www.redhat.com/support/errata/RHSA-2007-0981.html
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
http://www.ubuntu.com/usn/usn-536-1
http://www.securityfocus.com/bid/26132
http://securitytracker.com/id?1018837
http://secunia.com/advisories/27276
http://secunia.com/advisories/27325
http://secunia.com/advisories/27327
http://secunia.com/advisories/27335
http://secunia.com/advisories/27356
http://secunia.com/advisories/27383
http://secunia.com/advisories/27425
http://secunia.com/advisories/27403
http://secunia.com/advisories/27480
http://secunia.com/advisories/27387
http://secunia.com/advisories/27298
http://secunia.com/advisories/27336
http://secunia.com/advisories/27665
http://secunia.com/advisories/27414
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
http://secunia.com/advisories/27680
http://secunia.com/advisories/27360
http://secunia.com/advisories/28398
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2007/3544
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://www.vupen.com/english/advisories/2007/3587
https://exchange.xforce.ibmcloud.com/vulnerabilities/37287
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443
https://usn.ubuntu.com/535-1/
http://www.securityfocus.com/archive/1/482932/100/200/threaded
http://www.securityfocus.com/archive/1/482925/100/0/threaded
http://www.securityfocus.com/archive/1/482876/100/200/threaded

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2007-5337
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5337

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:20:13				Added to TrackCVE