CVE-2007-0800

Severity

43%

Complexity

86%

Confidentiality

48%

Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.

Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).

Overview

First reported 18 years ago

2007-02-07 11:28:00

Last updated 6 years ago

2018-10-16 16:34:00

Affected Software

Mozilla Firefox 1.5.0.9

1.5.0.9

References

20070202-01-P

20070301-01-P

FEDORA-2007-281

FEDORA-2007-293

HPSBUX02153

20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops

20070205 Re: Firefox + popup blocker + XMLHttpRequest + srand() = oops

SUSE-SA:2007:019

RHSA-2007:0077

24205

24238

24287

24290

24293

24320

24328

24333

24342

24343

24384

24393

24395

24437

24457

24650

GLSA-200703-04

SSA:2007-066-05

GLSA-200703-08

MDKSA-2007:050

http://www.mozilla.org/security/announce/2007/mfsa2007-05.html

SUSE-SA:2007:022

32108

RHSA-2007:0078

RHSA-2007:0079

RHSA-2007:0097

RHSA-2007:0108

20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops

20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops

20070226 rPSA-2007-0040-1 firefox

20070303 rPSA-2007-0040-3 firefox thunderbird

22396

Exploit, Vendor Advisory

22694

1017702

USN-428-1

ADV-2007-0718

ADV-2008-0083

firefox-popup-security-bypass(32194)

https://issues.rpath.com/browse/RPL-1081

https://issues.rpath.com/browse/RPL-1103

oval:org.mitre.oval:def:10654

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.