CVE-2007-0801 — Firefox vulnerability

4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.8%

top 26.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Firefox Debian Firefox-esr Mozilla Firefox

Timeline

PublishedFeb 7

Latest updateMay 1

Description

The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/firefox1.5.0.9

▶debiandebian/firefox< firefox 45.0-1 (sid)

▶debiandebian/firefox-esr< firefox 45.0-1 (sid)

🔴Vulnerability Details

GHSA

GHSA-hcj3-374q-57xq: The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1↗2022-05-01

▶

OSV

CVE-2007-0801: The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1↗2007-02-07

▶

📋Vendor Advisories

Debian

CVE-2007-0801: firefox - The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 crea...↗2007

▶