CVE-2007-0802
Firefox 2.0.0.1 - Phishing Protection Bypass via Domain Name Manipulation
Title source: llmDescription
Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.
References (5)
Core 5
Core References
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/459265/100/0/threaded
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=367538
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/33705
Broken Link mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0516.html
Broken Link, Exploit, Vendor Advisory x_refsource_misc
http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php
Scores
EPSS
0.0118
EPSS Percentile
79.0%
Details
CWE
CWE-20
Status
published
Products (2)
mozilla/firefox
2.0.0.1
opera/opera_browser
9.10
Published
Feb 07, 2007
Tracked Since
Feb 18, 2026