// For flags

CVE-2007-0778

 

Severity Score

5.4
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.

La característica caché de página en Mozilla Firefox versiones anteriores a 1.5.0.10 y 2.x versiones anteriores a 2.0.0.2, y SeaMonkey versiones anteriores a 1.0.8 puede generar colisiones de tablas hash que provocan que se añada datos de página a la caché equivocada, lo cual permite a atacantes remotos obtener información confidencial o habilitar otros vectores de ataque cuando la página objetivo se recarga de la caché.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Complete
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-02-06 CVE Reserved
  • 2007-02-26 CVE Published
  • 2024-07-21 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (52)
URL Tag Source
http://secunia.com/advisories/24205 Third Party Advisory
http://secunia.com/advisories/24238 Third Party Advisory
http://secunia.com/advisories/24287 Third Party Advisory
http://secunia.com/advisories/24290 Third Party Advisory
http://secunia.com/advisories/24293 Third Party Advisory
http://secunia.com/advisories/24320 Third Party Advisory
http://secunia.com/advisories/24328 Third Party Advisory
http://secunia.com/advisories/24333 Third Party Advisory
http://secunia.com/advisories/24342 Third Party Advisory
http://secunia.com/advisories/24343 Third Party Advisory
http://secunia.com/advisories/24384 Third Party Advisory
http://secunia.com/advisories/24393 Third Party Advisory
http://secunia.com/advisories/24395 Third Party Advisory
http://secunia.com/advisories/24437 Third Party Advisory
http://secunia.com/advisories/24455 Third Party Advisory
http://secunia.com/advisories/24457 Third Party Advisory
http://secunia.com/advisories/24650 Third Party Advisory
http://secunia.com/advisories/25588 Third Party Advisory
http://securitytracker.com/id?1017699 Third Party Advisory
http://www.osvdb.org/32110 Broken Link
http://www.securityfocus.com/archive/1/461336/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/461809/100/0/threaded Mailing List
http://www.securityfocus.com/bid/22694 Third Party Advisory
http://www.vupen.com/english/advisories/2007/0718 Third Party Advisory
http://www.vupen.com/english/advisories/2008/0083 Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=347852 Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/32671 Third Party Advisory
https://issues.rpath.com/browse/RPL-1081 Broken Link
https://issues.rpath.com/browse/RPL-1103 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9151 Broken Link
URL Date SRC
URL Date SRC
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html 2019-10-09
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc 2019-10-09
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc 2019-10-09
http://fedoranews.org/cms/node/2713 2019-10-09
http://fedoranews.org/cms/node/2728 2019-10-09
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 2019-10-09
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html 2019-10-09
http://rhn.redhat.com/errata/RHSA-2007-0077.html 2019-10-09
http://security.gentoo.org/glsa/glsa-200703-04.xml 2019-10-09
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 2019-10-09
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 2019-10-09
http://www.debian.org/security/2007/dsa-1336 2019-10-09
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml 2019-10-09
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 2019-10-09
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html 2019-10-09
http://www.redhat.com/support/errata/RHSA-2007-0078.html 2019-10-09
http://www.redhat.com/support/errata/RHSA-2007-0079.html 2019-10-09
http://www.redhat.com/support/errata/RHSA-2007-0097.html 2019-10-09
http://www.redhat.com/support/errata/RHSA-2007-0108.html 2019-10-09
http://www.ubuntu.com/usn/usn-428-1 2019-10-09
https://access.redhat.com/security/cve/CVE-2007-0778 2007-03-14
https://bugzilla.redhat.com/show_bug.cgi?id=1618276 2007-03-14
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 >= 1.5 < 1.5.0.10
Search vendor "Mozilla" for product "Firefox" and version " >= 1.5 < 1.5.0.10"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 >= 2.0 < 2.0.0.2
Search vendor "Mozilla" for product "Firefox" and version " >= 2.0 < 2.0.0.2"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 < 1.0.8
Search vendor "Mozilla" for product "Seamonkey" and version " < 1.0.8"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 5.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "5.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 3.1
Search vendor "Debian" for product "Debian Linux" and version "3.1"
-
Affected