Vulnerability Description
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 1.5.0.9 |
| Mozilla | Seamonkey | <= 1.0.7 |
Related Weaknesses (CWE)
References
- ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
- ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
- http://fedoranews.org/cms/node/2713
- http://fedoranews.org/cms/node/2728
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://lcamtuf.dione.cc/ffhostname.htmlExploit
- http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
- http://rhn.redhat.com/errata/RHSA-2007-0077.htmlVendor Advisory
- http://secunia.com/advisories/24175Vendor Advisory
- http://secunia.com/advisories/24205Vendor Advisory
- http://secunia.com/advisories/24238Vendor Advisory
- http://secunia.com/advisories/24287Vendor Advisory
- http://secunia.com/advisories/24290Vendor Advisory
- http://secunia.com/advisories/24293Vendor Advisory
- http://secunia.com/advisories/24320Vendor Advisory
FAQ
What is CVE-2007-0981?
CVE-2007-0981 is a vulnerability with a CVSS score of 7.5 (HIGH). Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other ...
How severe is CVE-2007-0981?
CVE-2007-0981 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0981?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey.