[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195549

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-4879Date: (C)2007-09-13   (M)2023-12-22


Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1019704
http://www.securityfocus.com/archive/1/490196/100/0/threaded
SUNALERT-238492
BID-28448
SECUNIA-29526
SECUNIA-29539
SECUNIA-29541
SECUNIA-29547
SECUNIA-29558
SECUNIA-29560
SECUNIA-29616
SECUNIA-29645
SECUNIA-30327
SECUNIA-30620
ADV-2008-0998
ADV-2008-1793
DSA-1532
DSA-1534
DSA-1535
GLSA-200805-18
MDVSA-2008:080
SUSE-SA:2008:019
TA08-087A
USN-592-1
http://0x90.eu/ff_tls_poc.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128
http://www.mozilla.org/security/announce/2008/mfsa2008-17.html
https://bugzilla.mozilla.org/show_bug.cgi?id=395399

CPE    88
cpe:/a:mozilla:firefox:1.5.0.4
cpe:/a:mozilla:firefox:1.5.0.3
cpe:/a:mozilla:firefox:1.5.0.2
cpe:/a:mozilla:firefox:1.5:beta2
...
OVAL    4
oval:org.secpod.oval:def:301399
oval:org.mitre.oval:def:7395
oval:org.mitre.oval:def:7955
oval:org.mitre.oval:def:7869
...

© SecPod Technologies