CVE-2007-3073
Gentoo Linux Security Advisory 201301-01
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.
Vulnerabilidad de salto de directorio en Mozilla Firefox 2.0.0.4 y anteriores en Mac OS X y Unix permite a atacantes remotos leer archivos de su elección mediante secuencias ..%2F (punto punto, barra codificada) en un URI resource://.
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation. Versions less than 10.0.11 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-06-05 CVE Reserved
- 2007-06-06 CVE Published
- 2024-08-07 CVE Updated
- 2025-07-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://ha.ckers.org/blog/20070516/read-firefox-settings-poc | X_refsource_misc | |
| http://larholm.com/2007/05/25/firefox-0day-local-file-reading | X_refsource_misc | |
| http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004 | X_refsource_misc | |
| http://osvdb.org/35920 | Vdb Entry | |
| http://secunia.com/advisories/25481 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/470500/100/0/threaded | Mailing List | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=367428 | X_refsource_misc | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=380994 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.0 Search vendor "Apple" for product "Mac Os X" and version "10.0" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.0.1 Search vendor "Apple" for product "Mac Os X" and version "10.0.1" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.0.2 Search vendor "Apple" for product "Mac Os X" and version "10.0.2" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.0.3 Search vendor "Apple" for product "Mac Os X" and version "10.0.3" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.0.4 Search vendor "Apple" for product "Mac Os X" and version "10.0.4" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.1 Search vendor "Apple" for product "Mac Os X" and version "10.1" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.1.1 Search vendor "Apple" for product "Mac Os X" and version "10.1.1" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.1.2 Search vendor "Apple" for product "Mac Os X" and version "10.1.2" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.1.3 Search vendor "Apple" for product "Mac Os X" and version "10.1.3" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.1.4 Search vendor "Apple" for product "Mac Os X" and version "10.1.4" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.1.5 Search vendor "Apple" for product "Mac Os X" and version "10.1.5" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.2 Search vendor "Apple" for product "Mac Os X" and version "10.2" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.2.1 Search vendor "Apple" for product "Mac Os X" and version "10.2.1" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.2.2 Search vendor "Apple" for product "Mac Os X" and version "10.2.2" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.2.3 Search vendor "Apple" for product "Mac Os X" and version "10.2.3" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.2.4 Search vendor "Apple" for product "Mac Os X" and version "10.2.4" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.2.5 Search vendor "Apple" for product "Mac Os X" and version "10.2.5" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.2.6 Search vendor "Apple" for product "Mac Os X" and version "10.2.6" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.2.7 Search vendor "Apple" for product "Mac Os X" and version "10.2.7" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.2.8 Search vendor "Apple" for product "Mac Os X" and version "10.2.8" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.3 Search vendor "Apple" for product "Mac Os X" and version "10.3" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.3.1 Search vendor "Apple" for product "Mac Os X" and version "10.3.1" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.3.2 Search vendor "Apple" for product "Mac Os X" and version "10.3.2" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.3.3 Search vendor "Apple" for product "Mac Os X" and version "10.3.3" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.3.4 Search vendor "Apple" for product "Mac Os X" and version "10.3.4" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.3.5 Search vendor "Apple" for product "Mac Os X" and version "10.3.5" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.3.6 Search vendor "Apple" for product "Mac Os X" and version "10.3.6" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.3.7 Search vendor "Apple" for product "Mac Os X" and version "10.3.7" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.3.8 Search vendor "Apple" for product "Mac Os X" and version "10.3.8" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.3.9 Search vendor "Apple" for product "Mac Os X" and version "10.3.9" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4 Search vendor "Apple" for product "Mac Os X" and version "10.4" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.1 Search vendor "Apple" for product "Mac Os X" and version "10.4.1" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.2 Search vendor "Apple" for product "Mac Os X" and version "10.4.2" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.3 Search vendor "Apple" for product "Mac Os X" and version "10.4.3" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.4 Search vendor "Apple" for product "Mac Os X" and version "10.4.4" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.5 Search vendor "Apple" for product "Mac Os X" and version "10.4.5" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.6 Search vendor "Apple" for product "Mac Os X" and version "10.4.6" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.7 Search vendor "Apple" for product "Mac Os X" and version "10.4.7" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.8 Search vendor "Apple" for product "Mac Os X" and version "10.4.8" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.9 Search vendor "Apple" for product "Mac Os X" and version "10.4.9" | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.4" | - |
Affected
| in | Unix Search vendor "Unix" | Unix Search vendor "Unix" for product "Unix" | * | - |
Safe
|