Vulnerabilities > CVE-2007-4357 - Remote Security vulnerability in Firefox
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified.
Vulnerable Configurations
References
- http://my.opera.com/MichalBucko/blog/firefox-2-0-0-5-uri-encoding-allows-phishing
- http://www.eleytt.com/michal.bucko/Eleytt_PhishAGoGo/bucked2.html
- http://www.securityfocus.com/archive/1/475467/100/100/threaded
- http://www.securityfocus.com/archive/1/475531/100/100/threaded
- http://www.securityfocus.com/archive/1/475651/100/0/threaded
- http://www.securityfocus.com/archive/1/475970/100/0/threaded
- http://www.securityfocus.com/archive/1/476062/100/0/threaded