CVE-2007-5960

Mozilla Firefox <2.0.0.10 & SeaMonkey <1.1.7 - CSRF

Title source: llm
STIX 2.1

Description

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

References (57)

Core 57
Core References
Various Sources x_refsource_confirm
http://browser.netscape.com/releasenotes/
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27816
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27855
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1424
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26589
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200712-21.xml
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1995
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28277
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27845
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-1083.html
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9794
Issue Tracking x_refsource_misc
http://bugs.gentoo.org/show_bug.cgi?id=200909
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0643
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-1082.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28016
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:246
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/546-1/
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4018
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488971/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27838
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1018995
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488002/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4002
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27793
Issue Tracking x_refsource_misc
http://bugs.gentoo.org/show_bug.cgi?id=198965
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0083
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27955
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2008-0093
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-546-2
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27957
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28398
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29164
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38644
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28001
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27796
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1984
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27797
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27979
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28171
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27800
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-1084.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1425
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27944
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27725

Scores

EPSS 0.0147
EPSS Percentile 70.6%

Details

CWE
CWE-22
Status published
Products (47)
mozilla/firefox 0.8
mozilla/firefox 0.9
mozilla/firefox 0.9.1
mozilla/firefox 0.9.2
mozilla/firefox 0.9.3
mozilla/firefox 0.10
mozilla/firefox 0.10.1
mozilla/firefox 1.0
mozilla/firefox 1.0.1
mozilla/firefox 1.0.2
... and 37 more
Published Nov 26, 2007
Tracked Since Feb 18, 2026