Vulnerability Description
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | All versions |
| Gnome | Gnome-Vfs | All versions |
| Mozilla | Firefox | <= 2.0.0.7 |
| Mozilla | Seamonkey | <= 1.1.4 |
Related Weaknesses (CWE)
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://secunia.com/advisories/27276
- http://secunia.com/advisories/27298
- http://secunia.com/advisories/27325
- http://secunia.com/advisories/27327
- http://secunia.com/advisories/27335
- http://secunia.com/advisories/27336
- http://secunia.com/advisories/27356
- http://secunia.com/advisories/27360
- http://secunia.com/advisories/27383
- http://secunia.com/advisories/27387
- http://secunia.com/advisories/27403
- http://secunia.com/advisories/27414
- http://secunia.com/advisories/27425
- http://secunia.com/advisories/27480
FAQ
What is CVE-2007-5337?
CVE-2007-5337 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept ke...
How severe is CVE-2007-5337?
CVE-2007-5337 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5337?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Gnome Gnome-Vfs, Mozilla Firefox, Mozilla Seamonkey.