CVE-2007-5960

Mozilla Cross-site Request Forgery flaw

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

Mozilla Firefox versiones anteriores a 2.0.0.10 y SeaMonkey versiones anteriores a 1.1.7, establece el encabezado Referer en la ventana o trama en la que se ejecuta el script, en lugar de la dirección del contenido que inició el script, lo que permite a atacantes remotos suplantar encabezados Referer HTTP y omitir Esquemas de protección CSRF basados ??en Referer mediante la configuración de window.location y utilizando un cuadro de diálogo de alerta modal que causa que el Referer incorrecto se envíe.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-11-14 CVE Reserved
2007-11-26 CVE Published
2024-08-07 CVE Updated
2024-11-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-352: Cross-Site Request Forgery (CSRF)

CAPEC

References (59)

URL	Tag	Source
http://browser.netscape.com/releasenotes	X_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=198965	X_refsource_misc
http://bugs.gentoo.org/show_bug.cgi?id=200909	X_refsource_misc
http://secunia.com/advisories/29164	Third Party Advisory
http://securitytracker.com/id?1018995	Vdb Entry
http://wiki.rpath.com/Advisories:rPSA-2008-0093	X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260	X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093	X_refsource_confirm
http://www.mozilla.org/security/announce/2007/mfsa2007-39.html	X_refsource_confirm
http://www.securityfocus.com/archive/1/488002/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/488971/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/26589	Vdb Entry
http://www.vupen.com/english/advisories/2007/4002	Vdb Entry
http://www.vupen.com/english/advisories/2007/4018	Vdb Entry
http://www.vupen.com/english/advisories/2008/0083	Vdb Entry
http://www.vupen.com/english/advisories/2008/0643	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/38644	Vdb Entry
https://issues.rpath.com/browse/RPL-1984	X_refsource_confirm
https://issues.rpath.com/browse/RPL-1995	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9794	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html	2023-02-13
http://secunia.com/advisories/27725	2023-02-13
http://secunia.com/advisories/27793	2023-02-13
http://secunia.com/advisories/27796	2023-02-13
http://secunia.com/advisories/27797	2023-02-13
http://secunia.com/advisories/27800	2023-02-13
http://secunia.com/advisories/27816	2023-02-13
http://secunia.com/advisories/27838	2023-02-13
http://secunia.com/advisories/27845	2023-02-13
http://secunia.com/advisories/27855	2023-02-13
http://secunia.com/advisories/27944	2023-02-13
http://secunia.com/advisories/27955	2023-02-13
http://secunia.com/advisories/27957	2023-02-13
http://secunia.com/advisories/27979	2023-02-13
http://secunia.com/advisories/28001	2023-02-13
http://secunia.com/advisories/28016	2023-02-13
http://secunia.com/advisories/28171	2023-02-13
http://secunia.com/advisories/28277	2023-02-13
http://secunia.com/advisories/28398	2023-02-13
http://security.gentoo.org/glsa/glsa-200712-21.xml	2023-02-13
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006	2023-02-13
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833	2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1	2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1	2023-02-13
http://www.debian.org/security/2007/dsa-1424	2023-02-13
http://www.debian.org/security/2007/dsa-1425	2023-02-13
http://www.mandriva.com/security/advisories?name=MDKSA-2007:246	2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-1082.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-1083.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-1084.html	2023-02-13
http://www.ubuntu.com/usn/usn-546-2	2023-02-13
https://usn.ubuntu.com/546-1	2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html	2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html	2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html	2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2007-5960	2007-11-26
https://bugzilla.redhat.com/show_bug.cgi?id=394261	2007-11-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.8 Search vendor "Mozilla" for product "Firefox" and version "0.8"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.9 Search vendor "Mozilla" for product "Firefox" and version "0.9"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.9.1 Search vendor "Mozilla" for product "Firefox" and version "0.9.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.9.2 Search vendor "Mozilla" for product "Firefox" and version "0.9.2"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.9.3 Search vendor "Mozilla" for product "Firefox" and version "0.9.3"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.10 Search vendor "Mozilla" for product "Firefox" and version "0.10"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.10.1 Search vendor "Mozilla" for product "Firefox" and version "0.10.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0 Search vendor "Mozilla" for product "Firefox" and version "1.0"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.1 Search vendor "Mozilla" for product "Firefox" and version "1.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.2 Search vendor "Mozilla" for product "Firefox" and version "1.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.3 Search vendor "Mozilla" for product "Firefox" and version "1.0.3"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.4 Search vendor "Mozilla" for product "Firefox" and version "1.0.4"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.5 Search vendor "Mozilla" for product "Firefox" and version "1.0.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.6 Search vendor "Mozilla" for product "Firefox" and version "1.0.6"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.7 Search vendor "Mozilla" for product "Firefox" and version "1.0.7"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.8 Search vendor "Mozilla" for product "Firefox" and version "1.0.8"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5 Search vendor "Mozilla" for product "Firefox" and version "1.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.1 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.2 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.3 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.3"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.4 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.4"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.5 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.6 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.6"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.7 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.7"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.8 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.8"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.9 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.9"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.10 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.10"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.11 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.11"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.12 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.12"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.1 Search vendor "Mozilla" for product "Firefox" and version "1.5.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.2 Search vendor "Mozilla" for product "Firefox" and version "1.5.2"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.3 Search vendor "Mozilla" for product "Firefox" and version "1.5.3"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.4 Search vendor "Mozilla" for product "Firefox" and version "1.5.4"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.5 Search vendor "Mozilla" for product "Firefox" and version "1.5.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.6 Search vendor "Mozilla" for product "Firefox" and version "1.5.6"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.7 Search vendor "Mozilla" for product "Firefox" and version "1.5.7"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.8 Search vendor "Mozilla" for product "Firefox" and version "1.5.8"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.8 Search vendor "Mozilla" for product "Firefox" and version "1.8"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0 Search vendor "Mozilla" for product "Firefox" and version "2.0"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0 Search vendor "Mozilla" for product "Firefox" and version "2.0"		beta1		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0 Search vendor "Mozilla" for product "Firefox" and version "2.0"		rc2		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0 Search vendor "Mozilla" for product "Firefox" and version "2.0"		rc3		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.1 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.2 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.3 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.3"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.4"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.5 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.6 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.6"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.7 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.7"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.8 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.8"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.9 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.9"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				<= 1.1.7 Search vendor "Mozilla" for product "Seamonkey" and version " <= 1.1.7"		-		Affected