Vulnerability Description
Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 2.0.0.12 |
| Mozilla | Seamonkey | <= 1.1.8 |
References
- http://0x90.eu/ff_tls_poc.html
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html
- http://secunia.com/advisories/29526Vendor Advisory
- http://secunia.com/advisories/29539Vendor Advisory
- http://secunia.com/advisories/29541Vendor Advisory
- http://secunia.com/advisories/29547Vendor Advisory
- http://secunia.com/advisories/29558Vendor Advisory
- http://secunia.com/advisories/29560Vendor Advisory
- http://secunia.com/advisories/29616Vendor Advisory
- http://secunia.com/advisories/29645Vendor Advisory
- http://secunia.com/advisories/30327Vendor Advisory
- http://secunia.com/advisories/30620Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128
- http://www.debian.org/security/2008/dsa-1532
FAQ
What is CVE-2007-4879?
CVE-2007-4879 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when re...
How severe is CVE-2007-4879?
CVE-2007-4879 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4879?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey.