Vulnerability Description
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 1.0 |
Related Weaknesses (CWE)
References
- ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
- ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://lcamtuf.coredump.cx/ffcache/Exploit
- http://osvdb.org/38028
- http://secunia.com/advisories/25589
- http://secunia.com/advisories/25990
- http://secunia.com/advisories/26072
- http://secunia.com/advisories/26103
- http://secunia.com/advisories/26107
- http://secunia.com/advisories/26149
- http://secunia.com/advisories/26151
- http://secunia.com/advisories/26159
- http://secunia.com/advisories/26179
- http://secunia.com/advisories/26204
FAQ
What is CVE-2007-3656?
CVE-2007-3656 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison t...
How severe is CVE-2007-3656?
CVE-2007-3656 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3656?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.