1. Home
  2. CVE Database
  3. CVE-2007-5960
MEDIUM · 4.3

CVE-2007-5960

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, w...

Vulnerability Description

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
MozillaFirefox0.8
MozillaSeamonkey<= 1.1.7

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2007-5960?

CVE-2007-5960 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, w...

How severe is CVE-2007-5960?

CVE-2007-5960 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-5960?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey.