cvelistv5 - cve-2007-5334

CVE-2007-5334 (GCVE-0-2007-5334)

Vulnerability from cvelistv5

Published

2007-10-21 20:00

Modified

2024-08-07 15:24

Severity ?

CWE

Summary

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute.

References

URL

Tags

	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/archive/1/482876/100/200/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2007/3587	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/27414	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/482925/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	https://issues.rpath.com/browse/RPL-1858	x_refsource_CONFIRM
	http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/27360	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/27298	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27315	third-party-advisory, x_refsource_SECUNIA
	http://securitytracker.com/id?1018837	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/27327	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/3544	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/27276	third-party-advisory, x_refsource_SECUNIA
	https://usn.ubuntu.com/535-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.debian.org/security/2007/dsa-1401	vendor-advisory, x_refsource_DEBIAN
	http://www.debian.org/security/2007/dsa-1392	vendor-advisory, x_refsource_DEBIAN
	http://www.kb.cert.org/vuls/id/349217	third-party-advisory, x_refsource_CERT-VN
	http://www.redhat.com/support/errata/RHSA-2007-0980.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/27383	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2007_57_mozilla.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/27356	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2007-0981.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2008/0083	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/27387	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.mozilla.org/show_bug.cgi?id=391043	x_refsource_MISC
	https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/27403	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27336	third-party-advisory, x_refsource_SECUNIA
	http://www.mozilla.org/security/announce/2007/mfsa2007-33.html	x_refsource_CONFIRM
	http://www.debian.org/security/2007/dsa-1396	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/27425	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/28398	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27311	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/27325	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202	vendor-advisory, x_refsource_MANDRIVA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/37286	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/27665	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2007-0979.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/27335	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/27480	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27680	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/26132	vdb-entry, x_refsource_BID
	http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html	x_refsource_CONFIRM
	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1	vendor-advisory, x_refsource_SUNALERT
	http://www.securityfocus.com/archive/1/482932/100/200/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.ubuntu.com/usn/usn-536-1	vendor-advisory, x_refsource_UBUNTU
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11482	vdb-entry, signature, x_refsource_OVAL

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:24:42.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2007-2601",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html"
          },
          {
            "name": "20071026 rPSA-2007-0225-1 firefox",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded"
          },
          {
            "name": "ADV-2007-3587",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3587"
          },
          {
            "name": "27414",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27414"
          },
          {
            "name": "20071029 FLEA-2007-0062-1 firefox",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1858"
          },
          {
            "name": "GLSA-200711-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml"
          },
          {
            "name": "27360",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27360"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "27298",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27298"
          },
          {
            "name": "27315",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27315"
          },
          {
            "name": "1018837",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018837"
          },
          {
            "name": "27327",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27327"
          },
          {
            "name": "ADV-2007-3544",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3544"
          },
          {
            "name": "27276",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27276"
          },
          {
            "name": "USN-535-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/535-1/"
          },
          {
            "name": "DSA-1401",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1401"
          },
          {
            "name": "DSA-1392",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1392"
          },
          {
            "name": "VU#349217",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/349217"
          },
          {
            "name": "RHSA-2007:0980",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0980.html"
          },
          {
            "name": "27383",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27383"
          },
          {
            "name": "SUSE-SA:2007:057",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html"
          },
          {
            "name": "27356",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27356"
          },
          {
            "name": "RHSA-2007:0981",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0981.html"
          },
          {
            "name": "ADV-2008-0083",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0083"
          },
          {
            "name": "27387",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27387"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=391043"
          },
          {
            "name": "FEDORA-2007-3431",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html"
          },
          {
            "name": "27403",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27403"
          },
          {
            "name": "27336",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27336"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-33.html"
          },
          {
            "name": "DSA-1396",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1396"
          },
          {
            "name": "27425",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27425"
          },
          {
            "name": "28398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28398"
          },
          {
            "name": "27311",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27311"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "27325",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27325"
          },
          {
            "name": "MDKSA-2007:202",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202"
          },
          {
            "name": "mozilla-xul-page-spoofing(37286)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37286"
          },
          {
            "name": "27665",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27665"
          },
          {
            "name": "RHSA-2007:0979",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0979.html"
          },
          {
            "name": "27335",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27335"
          },
          {
            "name": "FEDORA-2007-2664",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html"
          },
          {
            "name": "27480",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27480"
          },
          {
            "name": "27680",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27680"
          },
          {
            "name": "26132",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26132"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html"
          },
          {
            "name": "201516",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
          },
          {
            "name": "20071029 rPSA-2007-0225-2 firefox thunderbird",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded"
          },
          {
            "name": "USN-536-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-536-1"
          },
          {
            "name": "oval:org.mitre.oval:def:11482",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11482"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window\u0027s titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2007-2601",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html"
        },
        {
          "name": "20071026 rPSA-2007-0225-1 firefox",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded"
        },
        {
          "name": "ADV-2007-3587",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3587"
        },
        {
          "name": "27414",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27414"
        },
        {
          "name": "20071029 FLEA-2007-0062-1 firefox",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1858"
        },
        {
          "name": "GLSA-200711-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml"
        },
        {
          "name": "27360",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27360"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "27298",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27298"
        },
        {
          "name": "27315",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27315"
        },
        {
          "name": "1018837",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018837"
        },
        {
          "name": "27327",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27327"
        },
        {
          "name": "ADV-2007-3544",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3544"
        },
        {
          "name": "27276",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27276"
        },
        {
          "name": "USN-535-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/535-1/"
        },
        {
          "name": "DSA-1401",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1401"
        },
        {
          "name": "DSA-1392",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1392"
        },
        {
          "name": "VU#349217",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/349217"
        },
        {
          "name": "RHSA-2007:0980",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0980.html"
        },
        {
          "name": "27383",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27383"
        },
        {
          "name": "SUSE-SA:2007:057",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html"
        },
        {
          "name": "27356",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27356"
        },
        {
          "name": "RHSA-2007:0981",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0981.html"
        },
        {
          "name": "ADV-2008-0083",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0083"
        },
        {
          "name": "27387",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27387"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=391043"
        },
        {
          "name": "FEDORA-2007-3431",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html"
        },
        {
          "name": "27403",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27403"
        },
        {
          "name": "27336",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27336"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-33.html"
        },
        {
          "name": "DSA-1396",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1396"
        },
        {
          "name": "27425",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27425"
        },
        {
          "name": "28398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28398"
        },
        {
          "name": "27311",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27311"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "27325",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27325"
        },
        {
          "name": "MDKSA-2007:202",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202"
        },
        {
          "name": "mozilla-xul-page-spoofing(37286)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37286"
        },
        {
          "name": "27665",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27665"
        },
        {
          "name": "RHSA-2007:0979",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0979.html"
        },
        {
          "name": "27335",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27335"
        },
        {
          "name": "FEDORA-2007-2664",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html"
        },
        {
          "name": "27480",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27480"
        },
        {
          "name": "27680",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27680"
        },
        {
          "name": "26132",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26132"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html"
        },
        {
          "name": "201516",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
        },
        {
          "name": "20071029 rPSA-2007-0225-2 firefox thunderbird",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded"
        },
        {
          "name": "USN-536-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-536-1"
        },
        {
          "name": "oval:org.mitre.oval:def:11482",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11482"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-5334",
    "datePublished": "2007-10-21T20:00:00.000Z",
    "dateReserved": "2007-10-10T00:00:00.000Z",
    "dateUpdated": "2024-08-07T15:24:42.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2007-AVI-453

Vulnerability from certfr_avis

None

Description

Le navigateur Netscape Navigator 9 s'appuie en très grande partie sur le développement actuel de Mozilla Firefox 2. Le CERTA a publié le 19 octobre 2007 l'avis CERTA-2007-AVI-446 concernant plusieurs vulnérabilités du navigateur Mozilla.

Netscape Navigator est affecté par ces mêmes vulnérabilités.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Netscape Navigator pour les versions antérieures à 9.0.0.1.

References

Title

Publication Time

Tags

Bulletin de mise à jour Netscape Navigator 9.0.0.1 du 23 octobre 2007	None	vendor-advisory
Annonce de mise à jour du navigateur Netscape Navigator 9 :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA-2007-34 du 18 octobre 2007 :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA-2007-32 du 18 octobre 2007 :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA-2007-29 du 18 octobre 2007 :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA-2007-33 du 18 octobre 2007 :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA-2007-36 du 18 octobre 2007 :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA-2007-31 du 18 octobre 2007 :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA-2007-30 du 18 octobre 2007 :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA-2007-35 du 18 octobre 2007 :	-	other
Avis de sécurité CERTA-2007-AVI-446 du 19 octobre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Netscape Navigator pour les versions ant\u00e9rieures \u00e0 9.0.0.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLe navigateur Netscape Navigator 9 s\u0027appuie en tr\u00e8s grande partie sur le\nd\u00e9veloppement actuel de Mozilla Firefox 2. Le CERTA a publi\u00e9 le 19\noctobre 2007 l\u0027avis CERTA-2007-AVI-446 concernant plusieurs\nvuln\u00e9rabilit\u00e9s du navigateur Mozilla.\n\nNetscape Navigator est affect\u00e9 par ces m\u00eames vuln\u00e9rabilit\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5338"
    },
    {
      "name": "CVE-2007-5340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5340"
    },
    {
      "name": "CVE-2007-2292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2292"
    },
    {
      "name": "CVE-2007-5339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5339"
    },
    {
      "name": "CVE-2007-5334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5334"
    },
    {
      "name": "CVE-2007-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1095"
    },
    {
      "name": "CVE-2007-5337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5337"
    },
    {
      "name": "CVE-2007-4891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4891"
    }
  ],
  "initial_release_date": "2007-10-24T00:00:00",
  "last_revision_date": "2007-10-24T00:00:00",
  "links": [
    {
      "title": "Annonce de mise \u00e0 jour du navigateur Netscape Navigator 9 :",
      "url": "http://browser.netscape.com/releasenotes/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA-2007-34    du 18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/MFSA-2007-34.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA-2007-32    du 18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/MFSA-2007-32.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA-2007-29    du 18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/MFSA-2007-29.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA-2007-33    du 18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/MFSA-2007-33.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA-2007-36    du 18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/MFSA-2007-36.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA-2007-31    du 18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/MFSA-2007-31.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA-2007-30    du 18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/MFSA-2007-30.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA-2007-35    du 18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/MFSA-2007-35.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 CERTA-2007-AVI-446 du 19 octobre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-446/"
    }
  ],
  "reference": "CERTA-2007-AVI-453",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9s de Netscape Navigator",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour Netscape Navigator 9.0.0.1 du 23 octobre 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-446

Vulnerability from certfr_avis

Les mises à jour Mozilla corrigent plusieurs vulnérabilités. Deux sont considérées comme critiques, dont l'une en relation avec l'alerte CERTA-2007-ALE-015 «Vulnérabilité dans le traitement des URI sous Windows».

Description

Les produits Mozilla sont affectés par plusieurs vulnérabilités. L'une concerne une mauvaise gestion des URI (Uniform resource Identifier) contenant des charactères encodés avec %. Une autre entraine un dysfonctionnement avec corruption de la mémoire.

Solution

Se référer au bulletin de sécurité de Mozilla pour l'obtention des correctifs (cf. section Documentation).

Thunderbird et Firefox, les versions antérieures à la 2.0.0.8 ;
SeaMonkey, les versions antérieures à la 1.1.5.

Il faut cependant noter que, si Mozilla semble corriger les erreurs dans la version 2.0.0.8 de Thunderbird, seule la version 2.0.0.6 est disponible en téléchargement public, à la date de rédaction de cet avis.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Mozilla 2007-29 à 2007-36 du 18 octobre 2007	None	vendor-advisory
Mise à jour Red Hat RHSA-2007-0979 du 19 octobre 2007 pour Firefox :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA2007-35 du 18 octobre 2007 :	-	other
Mise à jour Red Hat RHSA-2007-0981 du 19 octobre 2007 pour Thunderbird :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA2007-31 du 18 octobre 2007 :	-	other
Alerte CERTA-2007-ALE-015 du 11 octobre 2007 :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA2007-33 du 18 octobre 2007 :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA2007-36 du 18 octobre 2007 :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA2007-30 du 18 octobre 2007 :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA2007-29 du 18 octobre 2007 :	-	other
Mise à jour de sécurité Suse du 19 octobre 2007 :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA2007-32 du 18 octobre 2007 :	-	other
Mise à jour Red Hat RHSA-2007-0980 du 19 octobre 2007 pour Seamonkey :	-	other
Bulletin de sécurité de la fondation Mozilla MFSA2007-34 du 18 octobre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eThunderbird et Firefox, les versions ant\u00e9rieures \u00e0 la    2.0.0.8 ;\u003c/LI\u003e    \u003cLI\u003eSeaMonkey, les versions ant\u00e9rieures \u00e0 la 1.1.5.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eIl faut cependant noter que, si Mozilla semble corriger les  erreurs dans la version 2.0.0.8 de Thunderbird, seule la version  2.0.0.6 est disponible en t\u00e9l\u00e9chargement public, \u00e0 la date de  r\u00e9daction de cet avis.\u003c/P\u003e",
  "content": "## Description\n\nLes produits Mozilla sont affect\u00e9s par plusieurs vuln\u00e9rabilit\u00e9s. L\u0027une\nconcerne une mauvaise gestion des URI (Uniform resource Identifier)\ncontenant des charact\u00e8res encod\u00e9s avec %. Une autre entraine un\ndysfonctionnement avec corruption de la m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de Mozilla pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5338"
    },
    {
      "name": "CVE-2007-5340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5340"
    },
    {
      "name": "CVE-2007-2292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2292"
    },
    {
      "name": "CVE-2007-5339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5339"
    },
    {
      "name": "CVE-2007-3511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3511"
    },
    {
      "name": "CVE-2007-5334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5334"
    },
    {
      "name": "CVE-2007-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1095"
    },
    {
      "name": "CVE-2007-5337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5337"
    },
    {
      "name": "CVE-2006-2894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2894"
    },
    {
      "name": "CVE-2007-4841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4841"
    }
  ],
  "initial_release_date": "2007-10-19T00:00:00",
  "last_revision_date": "2007-10-22T00:00:00",
  "links": [
    {
      "title": "Mise \u00e0 jour Red Hat RHSA-2007-0979 du 19 octobre 2007 pour    Firefox :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0979.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2007-35 du    18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-35.html"
    },
    {
      "title": "Mise \u00e0 jour Red Hat RHSA-2007-0981 du 19 octobre 2007 pour    Thunderbird :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0981.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2007-31 du    18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-31.html"
    },
    {
      "title": "Alerte CERTA-2007-ALE-015 du 11 octobre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ALE-015/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2007-33 du    18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-33.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2007-36 du    18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-36.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2007-30 du    18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-30.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2007-29 du    18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-29.html"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Suse du 19 octobre 2007 :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2007-32 du    18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html"
    },
    {
      "title": "Mise \u00e0 jour Red Hat RHSA-2007-0980 du 19 octobre 2007 pour    Seamonkey :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0980.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla MFSA2007-34 du    18 octobre 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-34.html"
    }
  ],
  "reference": "CERTA-2007-AVI-446",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-19T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences pour Red Hat et Suse.",
      "revision_date": "2007-10-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Les mises \u00e0 jour Mozilla corrigent plusieurs vuln\u00e9rabilit\u00e9s. Deux sont\nconsid\u00e9r\u00e9es comme critiques, dont l\u0027une en relation avec l\u0027alerte\nCERTA-2007-ALE-015 \u00abVuln\u00e9rabilit\u00e9 dans le traitement des URI sous\nWindows\u00bb.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans des produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Mozilla 2007-29 \u00e0 2007-36 du 18 octobre 2007",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-5334 (GCVE-0-2007-5334)

Vulnerability from cvelistv5

CERTA-2007-AVI-453

Vulnerability from certfr_avis

Description

Solution

CERTA-2007-AVI-446

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature