CVE-2007-1362

Mozilla Firefox - Improper Input Validation

Title source: rule

Description

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."

Exploits (1)

exploitdb WRITEUP VERIFIED

by Nicolas DEROUET · textdoslinux

https://www.exploit-db.com/exploits/29720

View Code ZIP pw:eip

References (36)

Core 36

Core References

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:120

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/470172/100/200/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/34613

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-0400.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2007/dsa-1308

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1018163

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10759

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25647

Vendor Advisory vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2007_36_mozilla.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200706-06.xml

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25635

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25534

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/1994

Vendor Advisory vendor-advisory x_refsource_slackware

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25533

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/35140

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2007/dsa-1306

Issue Tracking x_refsource_confirm

https://issues.rpath.com/browse/RPL-1424

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25858

Patch x_refsource_confirm

http://www.mozilla.org/security/announce/2007/mfsa2007-14.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-468-1

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-0401.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25476

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:126

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1018162

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/24242

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25750

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2007/dsa-1300

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25559

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/35139

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25490

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/22879

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-0402.html

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA07-151A.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25685

Scores

EPSS 0.4650

EPSS Percentile 97.7%

Details

CWE

CWE-20

Status published

Products (25)

mozilla/firefox 1.5.0.1

mozilla/firefox 1.5.0.2

mozilla/firefox 1.5.0.3

mozilla/firefox 1.5.0.4

mozilla/firefox 1.5.0.5

mozilla/firefox 1.5.0.6

mozilla/firefox 1.5.0.7

mozilla/firefox 1.5.0.8

mozilla/firefox 1.5.0.9

mozilla/firefox 1.5.0.10

... and 15 more

Published Jun 01, 2007

Tracked Since Feb 18, 2026