Vulnerabilities > CVE-2007-5337 - Information Exposure vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0981.NASL description Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27542 published 2007-10-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27542 title CentOS 4 / 5 : thunderbird (CESA-2007:0981) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0981 and # CentOS Errata and Security Advisory 2007:0981 respectively. # include("compat.inc"); if (description) { script_id(27542); script_version("1.20"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2007-1095", "CVE-2007-2292", "CVE-2007-3511", "CVE-2007-3844", "CVE-2007-5334", "CVE-2007-5337", "CVE-2007-5338", "CVE-2007-5339", "CVE-2007-5340"); script_bugtraq_id(22688, 23668, 24725, 25142, 26132); script_xref(name:"RHSA", value:"2007:0981"); script_name(english:"CentOS 4 / 5 : thunderbird (CESA-2007:0981)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues." ); # https://lists.centos.org/pipermail/centos-announce/2007-October/014307.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?089f3780" ); # https://lists.centos.org/pipermail/centos-announce/2007-October/014308.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?315f5abd" ); # https://lists.centos.org/pipermail/centos-announce/2007-October/014314.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ac983987" ); # https://lists.centos.org/pipermail/centos-announce/2007-October/014315.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?04eabe0f" ); # https://lists.centos.org/pipermail/centos-announce/2007-October/014319.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?92aa20fb" ); script_set_attribute( attribute:"solution", value:"Update the affected thunderbird package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(16, 20, 200); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/26"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x / 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", reference:"thunderbird-1.5.0.12-0.5.el4.centos")) flag++; if (rpm_check(release:"CentOS-5", reference:"thunderbird-1.5.0.12-5.el5.centos")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird"); }NASL family Scientific Linux Local Security Checks NASL id SL_20071019_FIREFOX_ON_SL5_X.NASL description Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Firefox sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Firefox generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) last seen 2020-06-01 modified 2020-06-02 plugin id 60268 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60268 title Scientific Linux Security Update : firefox on SL5.x, SL4.x, SL3.x i386/x86_64 NASL family Scientific Linux Local Security Checks NASL id SL_20071019_THUNDERBIRD_ON_SL5_X.NASL description Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) last seen 2020-06-01 modified 2020-06-02 plugin id 60270 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60270 title Scientific Linux Security Update : thunderbird on SL5.x, SL4.x, SL3.x i386/x86_64 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1392.NASL description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1095 Michal Zalewski discovered that the unload event handler had access to the address of the next page to be loaded, which could allow information disclosure or spoofing. - CVE-2007-2292 Stefano Di Paola discovered that insufficient validation of user names used in Digest authentication on a website allows HTTP response splitting attacks. - CVE-2007-3511 It was discovered that insecure focus handling of the file upload control can lead to information disclosure. This is a variant of CVE-2006-2894. - CVE-2007-5334 Eli Friedman discovered that web pages written in Xul markup can hide the titlebar of windows, which can lead to spoofing attacks. - CVE-2007-5337 Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI schemes may lead to information disclosure. This vulnerability is only exploitable if Gnome-VFS support is present on the system. - CVE-2007-5338 last seen 2020-06-01 modified 2020-06-02 plugin id 27547 published 2007-10-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27547 title Debian DSA-1392-1 : xulrunner - several vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1401.NASL description Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1095 Michal Zalewski discovered that the unload event handler had access to the address of the next page to be loaded, which could allow information disclosure or spoofing. - CVE-2007-2292 Stefano Di Paola discovered that insufficient validation of user names used in Digest authentication on a website allows HTTP response splitting attacks. - CVE-2007-3511 It was discovered that insecure focus handling of the file upload control can lead to information disclosure. This is a variant of CVE-2006-2894. - CVE-2007-5334 Eli Friedman discovered that web pages written in Xul markup can hide the titlebar of windows, which can lead to spoofing attacks. - CVE-2007-5337 Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI schemes may lead to information disclosure. This vulnerability is only exploitable if Gnome-VFS support is present on the system. - CVE-2007-5338 last seen 2020-06-01 modified 2020-06-02 plugin id 27630 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27630 title Debian DSA-1401-1 : iceape - several vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-535-1.NASL description Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 28141 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28141 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-535-1) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-202.NASL description A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.8. This update provides the latest Firefox to correct these issues. As well, it provides Firefox 2.0.0.8 for older products. last seen 2020-06-01 modified 2020-06-02 plugin id 36338 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36338 title Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:202) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0980.NASL description Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way in which SeaMonkey processed certain malformed web content. A web page containing malicious content could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which SeaMonkey displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the SeaMonkey sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which SeaMonkey generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27569 published 2007-10-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27569 title RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0980) NASL family SuSE Local Security Checks NASL id SUSE_SEAMONKEY-4596.NASL description This update fixes several security issues in Mozilla SeaMonkey 1.0.9. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create last seen 2020-06-01 modified 2020-06-02 plugin id 27581 published 2007-10-26 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27581 title openSUSE 10 Security Update : seamonkey (seamonkey-4596) NASL family Fedora Local Security Checks NASL id FEDORA_2007-2664.NASL description - Fri Oct 19 2007 Christopher Aillon <caillon at redhat.com> - 2.0.0.8-1 - Update to 2.0.0.8 - Tue Oct 16 2007 Martin Stransky <stransky at redhat.com> - added fix for #246248 - firefox crashes when searching - Wed Jul 18 2007 Kai Engert <kengert at redhat.com> - 2.0.0.5-1 - Update to 2.0.0.5 - Fri Jun 29 2007 Martin Stransky <stransky at redhat.com> 2.0.0.4-3 - backported pango patches from FC6 (1.5.0.12) - Sun Jun 3 2007 Christopher Aillon <caillon at redhat.com> 2.0.0.4-2 - Properly clean up threads with newer NSPR - Wed May 30 2007 Christopher Aillon <caillon at redhat.com> 2.0.0.4-1 - Final version - Wed May 23 2007 Christopher Aillon <caillon at redhat.com> 2.0.0.4-0.rc3 - Update to 2.0.0.4 RC3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27786 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27786 title Fedora 7 : firefox-2.0.0.8-1.fc7 (2007-2664) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0979.NASL description Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Firefox sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Firefox generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) All users of Firefox are advised to upgrade to these updated packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27540 published 2007-10-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27540 title CentOS 4 / 5 : firefox (CESA-2007:0979) NASL family Fedora Local Security Checks NASL id FEDORA_2007-3431.NASL description Updated thunderbird packages that fix several security bugs are now available for Fedora Core 7. This update has been rated as having moderate security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28231 published 2007-11-16 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28231 title Fedora 7 : thunderbird-2.0.0.9-1.fc7 (2007-3431) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0981.NASL description From Red Hat Security Advisory 2007:0981 : Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67593 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67593 title Oracle Linux 4 : thunderbird (ELSA-2007-0981) NASL family Windows NASL id MOZILLA_FIREFOX_2008.NASL description The installed version of Firefox is affected by various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user last seen 2020-06-01 modified 2020-06-02 plugin id 27521 published 2007-10-19 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27521 title Firefox < 2.0.0.8 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200711-14.NASL description The remote host is affected by the vulnerability described in GLSA-200711-14 (Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities) Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the JavaScript engine can be exploited to cause a memory corruption (CVE-2007-5339 and CVE-2007-5340). Before being used in a request, input passed to the user ID when making an HTTP request with digest authentication is not properly sanitised (CVE-2007-2292). The titlebar can be hidden by a XUL markup language document (CVE-2007-5334). Additionally, an error exists in the handling of last seen 2020-06-01 modified 2020-06-02 plugin id 28197 published 2007-11-14 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28197 title GLSA-200711-14 : Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0981.NASL description Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27570 published 2007-10-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27570 title RHEL 4 / 5 : thunderbird (RHSA-2007:0981) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0980.NASL description From Red Hat Security Advisory 2007:0980 : Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way in which SeaMonkey processed certain malformed web content. A web page containing malicious content could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which SeaMonkey displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the SeaMonkey sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which SeaMonkey generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67592 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67592 title Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0980) NASL family Windows NASL id SEAMONKEY_115.NASL description The installed version of SeaMonkey contains various security issues that could cause the application to crash or lead to execution of arbitrary code on the affected host subject to the user last seen 2020-06-01 modified 2020-06-02 plugin id 27536 published 2007-10-24 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27536 title SeaMonkey < 1.1.5 Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2007-2601.NASL description SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. By leveraging browser flaws, users could be fooled into possibly surrendering sensitive information (CVE-2007-1095, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334). Malformed web content could result in the execution of arbitrary commands (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340). Digest Authentication requests can be used to conduct a response splitting attack (CVE-2007-2292). The sftp protocol handler could be used to view the contents of arbitrary local files (CVE-2007-5337). Users of SeaMonkey are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27780 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27780 title Fedora 7 : seamonkey-1.1.5-1.fc7 (2007-2601) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-4572.NASL description This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create last seen 2020-06-01 modified 2020-06-02 plugin id 27528 published 2007-10-24 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27528 title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4572) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1396.NASL description Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1095 Michal Zalewski discovered that the unload event handler had access to the address of the next page to be loaded, which could allow information disclosure or spoofing. - CVE-2007-2292 Stefano Di Paola discovered that insufficient validation of user names used in Digest authentication on a website allows HTTP response splitting attacks. - CVE-2007-3511 It was discovered that insecure focus handling of the file upload control can lead to information disclosure. This is a variant of CVE-2006-2894. - CVE-2007-5334 Eli Friedman discovered that web pages written in Xul markup can hide the titlebar of windows, which can lead to spoofing attacks. - CVE-2007-5337 Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI schemes may lead to information disclosure. This vulnerability is only exploitable if Gnome-VFS support is present on the system. - CVE-2007-5338 last seen 2020-06-01 modified 2020-06-02 plugin id 27587 published 2007-10-30 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27587 title Debian DSA-1396-1 : iceweasel - several vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20071019_SEAMONKEY_ON_SL4_X.NASL description Several flaws were found in the way in which SeaMonkey processed certain malformed web content. A web page containing malicious content could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which SeaMonkey displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the SeaMonkey sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which SeaMonkey generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) last seen 2020-06-01 modified 2020-06-02 plugin id 60269 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60269 title Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_SEAMONKEY-4594.NASL description This update fixes several security issues in Mozilla SeaMonkey 1.1.5. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create last seen 2020-06-01 modified 2020-06-02 plugin id 27573 published 2007-10-25 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27573 title openSUSE 10 Security Update : seamonkey (seamonkey-4594) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0980.NASL description Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way in which SeaMonkey processed certain malformed web content. A web page containing malicious content could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which SeaMonkey displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the SeaMonkey sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which SeaMonkey generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27541 published 2007-10-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27541 title CentOS 3 / 4 : seamonkey (CESA-2007:0980) NASL family Fedora Local Security Checks NASL id FEDORA_2007-3414.NASL description Updated thunderbird packages that fix several security bugs are now available for Fedora Core 8. This update has been rated as having moderate security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28230 published 2007-11-16 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28230 title Fedora 8 : thunderbird-2.0.0.9-1.fc8 (2007-3414) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0979.NASL description Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Firefox sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Firefox generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) All users of Firefox are advised to upgrade to these updated packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27568 published 2007-10-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27568 title RHEL 4 / 5 : firefox (RHSA-2007:0979) NASL family Fedora Local Security Checks NASL id FEDORA_2007-2795.NASL description SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. By leveraging browser flaws, users could be fooled into possibly surrendering sensitive information (CVE-2007-1095, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334). Malformed web content could result in the execution of arbitrary commands (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340). Digest Authentication requests can be used to conduct a response splitting attack (CVE-2007-2292). The sftp protocol handler could be used to view the contents of arbitrary local files (CVE-2007-5337). Users of SeaMonkey are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27805 published 2007-11-07 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27805 title Fedora 8 : seamonkey-1.1.5-2.fc8 (2007-2795) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-4570.NASL description This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - Privilege escalation through chrome-loaded about:blank windows. (MFSA 2007-26 / CVE-2007-3844) Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create last seen 2020-06-01 modified 2020-06-02 plugin id 29362 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29362 title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 4570) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-4574.NASL description This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create last seen 2020-06-01 modified 2020-06-02 plugin id 27529 published 2007-10-24 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27529 title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4574) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0979.NASL description From Red Hat Security Advisory 2007:0979 : Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Firefox sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Firefox generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) All users of Firefox are advised to upgrade to these updated packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67591 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67591 title Oracle Linux 4 / 5 : firefox (ELSA-2007-0979) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-536-1.NASL description Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 28142 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28142 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-536-1)
Oval
| accepted | 2013-04-29T04:14:04.901-04:00 | ||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||
| description | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | ||||||||||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:11443 | ||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
| title | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | ||||||||||||||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 26132 CVE(CAN) ID: CVE-2007-5338,CVE-2007-5337,CVE-2007-5334,CVE-2007-5340,CVE-2007-5339 Mozilla Firefox是开放源码的WEB浏览器。 Firefox处理某些畸形Web内容的方式存在几个漏洞,包含有恶意内容的网页可能导致Firefox崩溃或以运行Firefox用户的权限执行任意代码。 使用XUL标记语言所编写的网页可能会隐藏窗口的标题栏,攻击者可以利用这个特性创建诱骗网页执行钓鱼攻击。 在支持gnome-vfs的Linux机器上,Firefox可以使用smb:和sftp: URI主题。如果攻击者能够将攻击网页储存在目标服务器上的手动可访问位置(如/tmp)并诱骗受害用户加载该网页,就可以读取该服务器上已知位置的任意属于受害用户的文件。 攻击者可以使用Script对象修改XPCNativeWrappers,导致之后浏览器chrome的访问(如右击打开上下文菜单)允许以用户权限执行攻击者所提供的javascript。 Mozilla Firefox < 2.0.0.8 Mozilla Thunderbird < 2.0.0.8 Mozilla SeaMonkey < 1.1.5 Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://www.mozilla.com/en-US/firefox/" target="_blank">http://www.mozilla.com/en-US/firefox/</a> <a href="http://www.mozilla.org/projects/seamonkey/" target="_blank">http://www.mozilla.org/projects/seamonkey/</a> <a href="http://www.mozilla.com/en-US/thunderbird/" target="_blank">http://www.mozilla.com/en-US/thunderbird/</a> RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2007:0980-01)以及相应补丁: RHSA-2007:0980-01:Critical: seamonkey security update 链接:<a href="https://www.redhat.com/support/errata/RHSA-2007-0980.html" target="_blank">https://www.redhat.com/support/errata/RHSA-2007-0980.html</a> |
| id | SSV:2325 |
| last seen | 2017-11-19 |
| modified | 2007-10-23 |
| published | 2007-10-23 |
| reporter | Root |
| title | Mozilla Firefox 2.0.0.7多个远程安全漏洞 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=381146
- http://www.mozilla.org/security/announce/2007/mfsa2007-34.html
- https://issues.rpath.com/browse/RPL-1858
- http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
- http://www.debian.org/security/2007/dsa-1396
- http://www.debian.org/security/2007/dsa-1401
- http://www.debian.org/security/2007/dsa-1392
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
- http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
- http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
- http://www.redhat.com/support/errata/RHSA-2007-0979.html
- http://www.redhat.com/support/errata/RHSA-2007-0980.html
- http://www.redhat.com/support/errata/RHSA-2007-0981.html
- http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
- http://www.ubuntu.com/usn/usn-536-1
- http://www.securityfocus.com/bid/26132
- http://securitytracker.com/id?1018837
- http://secunia.com/advisories/27276
- http://secunia.com/advisories/27325
- http://secunia.com/advisories/27327
- http://secunia.com/advisories/27335
- http://secunia.com/advisories/27356
- http://secunia.com/advisories/27383
- http://secunia.com/advisories/27425
- http://secunia.com/advisories/27403
- http://secunia.com/advisories/27480
- http://secunia.com/advisories/27387
- http://secunia.com/advisories/27298
- http://secunia.com/advisories/27336
- http://secunia.com/advisories/27665
- http://secunia.com/advisories/27414
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
- http://secunia.com/advisories/27680
- http://secunia.com/advisories/27360
- http://secunia.com/advisories/28398
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
- http://www.vupen.com/english/advisories/2008/0083
- http://www.vupen.com/english/advisories/2007/3544
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://www.vupen.com/english/advisories/2007/3587
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37287
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443
- https://usn.ubuntu.com/535-1/
- http://www.securityfocus.com/archive/1/482932/100/200/threaded
- http://www.securityfocus.com/archive/1/482925/100/0/threaded
- http://www.securityfocus.com/archive/1/482876/100/200/threaded