Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-0981. PoCs published by Michal Zalewski.
AI-analyzed exploit summary This exploit leverages a vulnerability in Mozilla Firefox where a null byte in the hostname property bypasses the same-origin policy, allowing cookie theft. The PoC demonstrates modifying location.hostname to inject a null byte and set a cookie for a different domain.
Description
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Michal Zalewski · htmlremotewindows
https://www.exploit-db.com/exploits/3340
This exploit leverages a vulnerability in Mozilla Firefox where a null byte in the hostname property bypasses the same-origin policy, allowing cookie theft. The PoC demonstrates modifying location.hostname to inject a null byte and set a cookie for a different domain.
Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
Mozilla Firefox version 2.0.0.1 and prior
No auth needed
Prerequisites:
Victim must visit a malicious webpage or have the exploit hosted on a local server
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (57)
Core 57
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0078.html
Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=370445
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24395
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/32104
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/461336/100/0/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24328
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0108.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200703-04.xml
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/460126/100/200/threaded
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/460217/100/0/threaded
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24384
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32533
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24457
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24343
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1336
Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0718
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/885753
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24650
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-428-1
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2262
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24320
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25588
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1103
Various Sources vendor-advisory
x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0083
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/461809/100/0/threaded
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24293
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24238
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24393
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24342
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24287
Mailing List vendor-advisory
x_refsource_fedora
http://fedoranews.org/cms/node/2713
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24175
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22566
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0097.html
Mailing List vendor-advisory
x_refsource_fedora
http://fedoranews.org/cms/node/2728
Vendor Advisory vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24205
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1081
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24333
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24290
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017654
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24455
Various Sources x_refsource_confirm
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2007-0077.html
Vendor Advisory vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0624
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0079.html
Exploit x_refsource_misc
http://lcamtuf.dione.cc/ffhostname.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24437
Scores
EPSS
0.1214
EPSS Percentile
95.6%
Details
CWE
CWE-264
Status
published
Products (44)
mozilla/firefox
0.8
mozilla/firefox
0.9 (2 CPE variants)
mozilla/firefox
0.9.1
mozilla/firefox
0.9.2
mozilla/firefox
0.9.3
mozilla/firefox
0.10
mozilla/firefox
0.10.1
mozilla/firefox
1.0
mozilla/firefox
1.0.1
mozilla/firefox
1.0.2
... and 34 more
Published
Feb 16, 2007
Tracked Since
Feb 18, 2026