English
Français
Light
Dark
System

CVEFind - Alertes CVE

Restez informé en continue
Créer un compte Ouvrez un compte Simple et Gratuit Se connecter Gérez vos alertes

CVE-2007-5960 : Détail

CVE-2007-5960

Directory Traversal
A01-Broken Access Control
1.56%V3
Network
2007-11-26 22:00 +00:00
2018-10-15 18:57 +00:00
CVE.org
NVD

Alerte pour un CVE

Restez informé de toutes modifications pour un CVE spécifique.
Gestion des alertes

Descriptions

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

Informations

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Metrics

Metric Score Sévérité CVSS Vecteur Source
V2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N [email protected]

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

EPSS Score

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

EPSS Percentile

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
EPSS First.org

Products Mentioned

Configuraton 0

Mozilla>>Firefox >> Version 0.8

Mozilla>>Firefox >> Version 0.9

Mozilla>>Firefox >> Version 0.9.1

Mozilla>>Firefox >> Version 0.9.2

Mozilla>>Firefox >> Version 0.9.3

Mozilla>>Firefox >> Version 0.10

Mozilla>>Firefox >> Version 0.10.1

Mozilla>>Firefox >> Version 1.0

Mozilla>>Firefox >> Version 1.0.1

Mozilla>>Firefox >> Version 1.0.2

Mozilla>>Firefox >> Version 1.0.3

Mozilla>>Firefox >> Version 1.0.4

Mozilla>>Firefox >> Version 1.0.5

Mozilla>>Firefox >> Version 1.0.6

Mozilla>>Firefox >> Version 1.0.7

Mozilla>>Firefox >> Version 1.0.8

Mozilla>>Firefox >> Version 1.5

Mozilla>>Firefox >> Version 1.5.0.1

Mozilla>>Firefox >> Version 1.5.0.2

Mozilla>>Firefox >> Version 1.5.0.3

Mozilla>>Firefox >> Version 1.5.0.4

Mozilla>>Firefox >> Version 1.5.0.5

Mozilla>>Firefox >> Version 1.5.0.6

Mozilla>>Firefox >> Version 1.5.0.7

Mozilla>>Firefox >> Version 1.5.0.8

Mozilla>>Firefox >> Version 1.5.0.9

Mozilla>>Firefox >> Version 1.5.0.10

Mozilla>>Firefox >> Version 1.5.0.11

Mozilla>>Firefox >> Version 1.5.0.12

Mozilla>>Firefox >> Version 1.5.1

Mozilla>>Firefox >> Version 1.5.2

Mozilla>>Firefox >> Version 1.5.3

Mozilla>>Firefox >> Version 1.5.4

Mozilla>>Firefox >> Version 1.5.5

Mozilla>>Firefox >> Version 1.5.6

Mozilla>>Firefox >> Version 1.5.7

Mozilla>>Firefox >> Version 1.5.8

Mozilla>>Firefox >> Version 1.8

Mozilla>>Firefox >> Version 2.0

Mozilla>>Firefox >> Version 2.0

    Mozilla>>Firefox >> Version 2.0

      Mozilla>>Firefox >> Version 2.0

        Mozilla>>Firefox >> Version 2.0.0.1

        Mozilla>>Firefox >> Version 2.0.0.2

        Mozilla>>Firefox >> Version 2.0.0.3

        Mozilla>>Firefox >> Version 2.0.0.4

        Mozilla>>Firefox >> Version 2.0.0.5

        Mozilla>>Firefox >> Version 2.0.0.6

        Mozilla>>Firefox >> Version 2.0.0.7

        Mozilla>>Firefox >> Version 2.0.0.8

        Mozilla>>Firefox >> Version 2.0.0.9

        Configuraton 0

        Mozilla>>Seamonkey >> Version To (including) 1.1.7

        References

        http://secunia.com/advisories/27816
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://secunia.com/advisories/27855
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://www.debian.org/security/2007/dsa-1424
        Tags : vendor-advisory, x_refsource_DEBIAN
        http://www.securityfocus.com/bid/26589
        Tags : vdb-entry, x_refsource_BID
        http://security.gentoo.org/glsa/glsa-200712-21.xml
        Tags : vendor-advisory, x_refsource_GENTOO
        http://secunia.com/advisories/28277
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://secunia.com/advisories/27845
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://www.redhat.com/support/errata/RHSA-2007-1083.html
        Tags : vendor-advisory, x_refsource_REDHAT
        http://www.vupen.com/english/advisories/2008/0643
        Tags : vdb-entry, x_refsource_VUPEN
        http://www.redhat.com/support/errata/RHSA-2007-1082.html
        Tags : vendor-advisory, x_refsource_REDHAT
        http://secunia.com/advisories/28016
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://www.mandriva.com/security/advisories?name=MDKSA-2007:246
        Tags : vendor-advisory, x_refsource_MANDRIVA
        https://usn.ubuntu.com/546-1/
        Tags : vendor-advisory, x_refsource_UBUNTU
        http://www.vupen.com/english/advisories/2007/4018
        Tags : vdb-entry, x_refsource_VUPEN
        http://secunia.com/advisories/27838
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://securitytracker.com/id?1018995
        Tags : vdb-entry, x_refsource_SECTRACK
        http://www.vupen.com/english/advisories/2007/4002
        Tags : vdb-entry, x_refsource_VUPEN
        http://secunia.com/advisories/27793
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://www.vupen.com/english/advisories/2008/0083
        Tags : vdb-entry, x_refsource_VUPEN
        http://secunia.com/advisories/27955
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://www.ubuntu.com/usn/usn-546-2
        Tags : vendor-advisory, x_refsource_UBUNTU
        http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
        Tags : vendor-advisory, x_refsource_SUNALERT
        http://secunia.com/advisories/27957
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://secunia.com/advisories/28398
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://secunia.com/advisories/29164
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://secunia.com/advisories/28001
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://secunia.com/advisories/27796
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://secunia.com/advisories/27797
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://secunia.com/advisories/27979
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://secunia.com/advisories/28171
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://secunia.com/advisories/27800
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://www.redhat.com/support/errata/RHSA-2007-1084.html
        Tags : vendor-advisory, x_refsource_REDHAT
        http://www.debian.org/security/2007/dsa-1425
        Tags : vendor-advisory, x_refsource_DEBIAN
        http://secunia.com/advisories/27944
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://secunia.com/advisories/27725
        Tags : third-party-advisory, x_refsource_SECUNIA

        Plus d'informations
        Cliquez sur le bouton à gauche (OFF), pour autoriser l'inscription de cookie améliorant les fonctionnalités du site. Cliquez sur le bouton à gauche (Tout accepter), pour ne plus autoriser l'inscription de cookie améliorant les fonctionnalités du site.