Vulnerability Description
Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 2.0.0.3 |
References
- http://securityreason.com/securityalert/2488
- http://www.securityfocus.com/archive/1/464041/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33487
- http://securityreason.com/securityalert/2488
- http://www.securityfocus.com/archive/1/464041/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33487
FAQ
What is CVE-2007-1736?
CVE-2007-1736 is a vulnerability with a CVSS score of 7.5 (HIGH). Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.
How severe is CVE-2007-1736?
CVE-2007-1736 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1736?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.