CVE-2007-0778 — MEDIUM (5.4)

Q: How severe is CVE-2007-0778?

CVE-2007-0778 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-0778?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.

CVSS Score

5.4

MEDIUM

AV:N/AC:H/Au:N/C:C/I:N/A:N

Confidentiality

COMPLETE

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	>= 1.5, < 1.5.0.10
Mozilla	Seamonkey	< 1.0.8
Canonical	Ubuntu Linux	5.10
Debian	Debian Linux	3.1

Related Weaknesses (CWE)

CWE-200

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.ascBroken Link
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.ascBroken Link
http://fedoranews.org/cms/node/2713Broken Link
http://fedoranews.org/cms/node/2728Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742Broken Link
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.htmlBroken Link
http://rhn.redhat.com/errata/RHSA-2007-0077.htmlThird Party Advisory
http://secunia.com/advisories/24205Third Party Advisory
http://secunia.com/advisories/24238Third Party Advisory
http://secunia.com/advisories/24287Third Party Advisory
http://secunia.com/advisories/24290Third Party Advisory
http://secunia.com/advisories/24293Third Party Advisory
http://secunia.com/advisories/24320Third Party Advisory
http://secunia.com/advisories/24328Third Party Advisory
http://secunia.com/advisories/24333Third Party Advisory

FAQ

What is CVE-2007-0778?

CVE-2007-0778 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, w...

How severe is CVE-2007-0778?

CVE-2007-0778 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-0778?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Canonical Ubuntu Linux, Debian Debian Linux.