CVE-2007-0779

Severity

64%

Complexity

99%

Confidentiality

81%

GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.

GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N).

Overview

Type

Mozilla

First reported 17 years ago

2007-02-26 20:28:00

Last updated 6 years ago

2018-10-16 16:34:00

Affected Software

Mozilla Firefox 0.8

0.8

Mozilla Firefox 0.9.1

0.9.1

Mozilla Firefox 0.9.2

0.9.2

Mozilla Firefox 0.9.3

0.9.3

Mozilla Firefox 0.10

0.10

Mozilla Firefox 0.10.1

0.10.1

Mozilla Firefox 1.0

1.0

Mozilla Firefox 1.0.1

1.0.1

Mozilla Firefox 1.0.2

1.0.2

Mozilla Firefox 1.0.3

1.0.3

Mozilla Firefox 1.0.4

1.0.4

Mozilla Firefox 1.0.5

1.0.5

Mozilla Firefox 1.0.6

1.0.6

Mozilla Firefox 1.0.7

1.0.7

Mozilla Firefox 1.0.8

1.0.8

Mozilla Firefox 1.5

1.5

Mozilla Firefox 1.5 Beta 1

1.5

Mozilla Firefox 1.5 Beta 2

1.5

Mozilla Firefox 1.5.0.1

1.5.0.1

Mozilla Firefox 1.5.0.2

1.5.0.2

Mozilla Firefox 1.5.0.3

1.5.0.3

Mozilla Firefox 1.5.0.4

1.5.0.4

Mozilla Firefox 1.5.0.5

1.5.0.5

Mozilla Firefox 1.5.0.6

1.5.0.6

Mozilla Firefox 1.5.0.7

1.5.0.7

Mozilla Firefox 1.5.0.8

1.5.0.8

Mozilla Firefox 1.5.0.9

1.5.0.9

Mozilla Firefox 1.5.6

1.5.6

Mozilla Firefox 1.5.8

1.5.8

Mozilla Firefox 2.0

2.0

Mozilla Firefox 2.0.0.1

2.0.0.1

Mozilla SeaMonkey 1.0

1.0

Mozilla SeaMonkey 1.0 beta

1.0

Mozilla SeaMonkey 1.0.1

1.0.1

Mozilla SeaMonkey 1.0.2

1.0.2

Mozilla SeaMonkey 1.0.3

1.0.3

Mozilla SeaMonkey 1.0.4

1.0.4

Mozilla SeaMonkey 1.0.5

1.0.5

Mozilla SeaMonkey 1.0.6

1.0.6

Mozilla SeaMonkey 1.0.7

1.0.7

References

20070202-01-P

20070301-01-P

FEDORA-2007-281

FEDORA-2007-293

HPSBUX02153

SUSE-SA:2007:019

32109

RHSA-2007:0077

24205

Vendor Advisory

24238

Vendor Advisory

24287

Vendor Advisory

24290

Vendor Advisory

24293

Vendor Advisory

24320

Vendor Advisory

24328

Vendor Advisory

24333

Vendor Advisory

24342

Vendor Advisory

24343

Vendor Advisory

24384

Vendor Advisory

24393

Vendor Advisory

24395

Vendor Advisory

24437

Vendor Advisory

24455

Vendor Advisory

24457

Vendor Advisory

24650

Vendor Advisory

GLSA-200703-04

SSA:2007-066-05

SSA:2007-066-03

GLSA-200703-08

MDKSA-2007:050

http://www.mozilla.org/security/announce/2007/mfsa2007-04.html

Patch, Vendor Advisory

SUSE-SA:2007:022

RHSA-2007:0078

RHSA-2007:0079

RHSA-2007:0097

RHSA-2007:0108

20070226 rPSA-2007-0040-1 firefox

20070303 rPSA-2007-0040-3 firefox thunderbird

22694

Patch

1017700

USN-428-1

ADV-2007-0718

ADV-2008-0083

https://bugzilla.mozilla.org/show_bug.cgi?id=361298

https://issues.rpath.com/browse/RPL-1081

https://issues.rpath.com/browse/RPL-1103

oval:org.mitre.oval:def:8757

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.