CVE-2007-0981

Severity

75%

Complexity

99%

Confidentiality

106%

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Mozilla

First reported 18 years ago

2007-02-16 01:28:00

Last updated 6 years ago

2018-10-16 16:35:00

Affected Software

Mozilla Firefox 0.8

0.8

Mozilla Firefox 0.9

0.9

Mozilla Firefox 0.9 rc

0.9

Mozilla Firefox 0.9.1

0.9.1

Mozilla Firefox 0.9.2

0.9.2

Mozilla Firefox 0.9.3

0.9.3

Mozilla Firefox 0.10

0.10

Mozilla Firefox 0.10.1

0.10.1

Mozilla Firefox 1.0

1.0

Mozilla Firefox 1.0.1

1.0.1

Mozilla Firefox 1.0.2

1.0.2

Mozilla Firefox 1.0.3

1.0.3

Mozilla Firefox 1.0.4

1.0.4

Mozilla Firefox 1.0.5

1.0.5

Mozilla Firefox 1.0.6

1.0.6

Mozilla Firefox 1.0.7

1.0.7

Mozilla Firefox 1.0.8

1.0.8

Mozilla Firefox 1.5

1.5

Mozilla Firefox 1.5 Beta 1

1.5

Mozilla Firefox 1.5 Beta 2

1.5

Mozilla Firefox 1.5.0.1

1.5.0.1

Mozilla Firefox 1.5.0.2

1.5.0.2

Mozilla Firefox 1.5.0.3

1.5.0.3

Mozilla Firefox 1.5.0.4

1.5.0.4

Mozilla Firefox 1.5.0.5

1.5.0.5

Mozilla Firefox 1.5.0.6

1.5.0.6

Mozilla Firefox 1.5.0.7

1.5.0.7

Mozilla Firefox 1.5.0.8

1.5.0.8

Mozilla Firefox

Mozilla Firefox 1.5.1

1.5.1

Mozilla Firefox 1.5.2

1.5.2

Mozilla Firefox 1.5.3

1.5.3

Mozilla Firefox 1.5.4

1.5.4

Mozilla Firefox 1.5.5

1.5.5

Mozilla Firefox 1.5.6

1.5.6

Mozilla Firefox 1.5.7

1.5.7

Mozilla Firefox 1.5.8

1.5.8

Mozilla Firefox 2.0

2.0

Mozilla Firefox 2.0.0.1

2.0.0.1

Mozilla SeaMonkey 1.0

1.0

Mozilla SeaMonkey 1.0.1

1.0.1

Mozilla SeaMonkey 1.0.2

1.0.2

Mozilla SeaMonkey 1.0.3

1.0.3

Mozilla SeaMonkey 1.0.4

1.0.4

Mozilla SeaMonkey 1.0.5

1.0.5

Mozilla SeaMonkey 1.0.6

1.0.6

Mozilla SeaMonkey

References

20070202-01-P

20070301-01-P

FEDORA-2007-281

FEDORA-2007-293

HPSBUX02153

http://lcamtuf.dione.cc/ffhostname.html

Exploit

SUSE-SA:2007:019

RHSA-2007:0077

Vendor Advisory

24175

Vendor Advisory

24205

Vendor Advisory

24238

Vendor Advisory

24287

Vendor Advisory

24290

Vendor Advisory

24293

Vendor Advisory

24320

Vendor Advisory

24328

Vendor Advisory

24333

Vendor Advisory

24342

Vendor Advisory

24343

Vendor Advisory

24384

Vendor Advisory

24393

Vendor Advisory

24395

Vendor Advisory

24437

Vendor Advisory

24455

Vendor Advisory

24457

Vendor Advisory

24650

Vendor Advisory

25588

GLSA-200703-04

2262

1017654

SSA:2007-066-05

SSA:2007-066-03

DSA-1336

GLSA-200703-08

VU#885753

US Government Resource

MDKSA-2007:050

http://www.mozilla.org/security/announce/2007/mfsa2007-07.html

SUSE-SA:2007:022

32104

RHSA-2007:0078

Vendor Advisory

RHSA-2007:0079

Vendor Advisory

RHSA-2007:0097

Vendor Advisory

RHSA-2007:0108

Vendor Advisory

20070214 Firefox: serious cookie stealing / same-domain bypass vulnerability

20070215 Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability

20070226 rPSA-2007-0040-1 firefox

20070303 rPSA-2007-0040-3 firefox thunderbird

22566

USN-428-1

ADV-2007-0624

ADV-2007-0718

ADV-2008-0083

https://bugzilla.mozilla.org/show_bug.cgi?id=370445

Vendor Advisory

firefox-locationhostname-security-bypass(32533)

https://issues.rpath.com/browse/RPL-1081

https://issues.rpath.com/browse/RPL-1103

oval:org.mitre.oval:def:9730

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.