CVE
CVE-2007-5960
Date: (C) 2007-11-26, (M) 2023-12-22


Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SUNALERT-1018977
SECTRACK-1018995
http://www.securityfocus.com/archive/1/488002/100/0/threaded
http://www.securityfocus.com/archive/1/488971/100/0/threaded
SUNALERT-231441
BID-26589
SECUNIA-27725
SECUNIA-27793
SECUNIA-27796
SECUNIA-27797
SECUNIA-27800
SECUNIA-27816
SECUNIA-27838
SECUNIA-27845
SECUNIA-27855
SECUNIA-27944
SECUNIA-27955
SECUNIA-27957
SECUNIA-27979
SECUNIA-28001
SECUNIA-28016
SECUNIA-28171
SECUNIA-28277
SECUNIA-28398
SECUNIA-29164
ADV-2007-4002
ADV-2007-4018
ADV-2008-0083
ADV-2008-0643
DSA-1424
DSA-1425
FEDORA-2007-3952
FEDORA-2007-4098
FEDORA-2007-4106
FEDORA-2007-756
GLSA-200712-21
HPSBUX02153
MDKSA-2007:246
RHSA-2007:1082
RHSA-2007:1083
RHSA-2007:1084
SSA:2007-331-01
SSA:2007-333-01
SUSE-SA:2007:066
USN-546-1
USN-546-2
http://browser.netscape.com/releasenotes/
http://bugs.gentoo.org/show_bug.cgi?id=198965
http://bugs.gentoo.org/show_bug.cgi?id=200909
http://wiki.rpath.com/Advisories:rPSA-2008-0093
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
http://www.mozilla.org/security/announce/2007/mfsa2007-39.html
https://issues.rpath.com/browse/RPL-1984
https://issues.rpath.com/browse/RPL-1995
mozilla-http-referer-spoofing(38644)
oval:org.mitre.oval:def:9794

CWE (1): CWE-22

© SecPod Technologies