CVE-2007-0981
published 2007-02-16CVE-2007-0981: Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin…
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
12.14%
95.6th percentile
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
Affected
45 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | <= 1.5.0.9 | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
vendor_ubuntu5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Firefox regression
vendor_ubuntu·2007-03-02·CVSS 5.0
[MEDIUM] Firefox regression
Title: Firefox regression
Summary: Firefox regression
USN-428-1 fixed vulnerabilities in Firefox 1.5. However, changes to
library paths caused applications depending on libnss3 to fail to start
up. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Several flaws have been found that could be used to perform Cross-site
scripting attacks. A malicious web site could exploit these to modify
the contents or steal confidential data (such as passwords) from other
opened web pages. (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800,
CVE-2007-0981, CVE-2007-0995, CVE-2007-0996)
The SSLv2 protocol support in the NSS library did not sufficiently
check the validity of public keys presented with a SSL certificate. A
malicious SSL web site using SSLv2 could pot
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2007-03-01·CVSS 5.0
CVE-2007-1092 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox vulnerabilities
Several flaws have been found that could be used to perform Cross-site
scripting attacks. A malicious web site could exploit these to modify
the contents or steal confidential data (such as passwords) from other
opened web pages. (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800,
CVE-2007-0981, CVE-2007-0995, CVE-2007-0996)
The SSLv2 protocol support in the NSS library did not sufficiently
check the validity of public keys presented with a SSL certificate. A
malicious SSL web site using SSLv2 could potentially exploit this to
execute arbitrary code with the user's privileges. (CVE-2007-0008)
The SSLv2 protocol support in the NSS library did not sufficiently
verify the validity of client master keys presented in an SSL client
ce
Red Hat
: seamonkey cookie setting / same-domain bypass vulnerability
vendor_redhat·2007-02-23·CVSS 7.5
CVE-2007-0981 [HIGH] : seamonkey cookie setting / same-domain bypass vulnerability
: seamonkey cookie setting / same-domain bypass vulnerability
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
GHSA
GHSA-j9xc-r2mv-xr3g: Mozilla based browsers, including Firefox before 1
ghsa_unreviewed·2022-05-03
CVE-2007-0981 [HIGH] GHSA-j9xc-r2mv-xr3g: Mozilla based browsers, including Firefox before 1
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
No detection rules found.
Bugzilla
CVE-2007-3844 Privilege escalation through chrome-loaded about:blank windows
bugzilla·2007-08-02·CVSS 4.3
CVE-2007-3844 [MEDIUM] CVE-2007-3844 Privilege escalation through chrome-loaded about:blank windows
CVE-2007-3844 Privilege escalation through chrome-loaded about:blank windows
MFSA2007-26 describes a flaw in the way Firefox loads certain about:blank
windows. This flaw could allow certain Firefox extensions to be leveraged to
execute arbitrary code as the user running Firefox.
http://www.mozilla.org/security/announce/2007/mfsa2007-26.html
Discussion:
This issue was addressed in all versions of Red Hat Enterprise Linux for
firefox, seamonkey and thunderbird in following erratas:
https://rhn.redhat.com/errata/RHSA-2007-0979.html
https://rhn.redhat.com/errata/RHSA-2007-0980.html
https://rhn.redhat.com/errata/RHSA-2007-0981.html
Updates for Fedora are also available now.
Bugzilla
CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007
bugzilla·2007-03-01·CVSS 5.0
CVE-2007-0775 [MEDIUM] CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007
CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0981, CVE-2007-1282)
+++ This bug was initially created as a clone of Bug #230542 +++
The Mozilla project is releasing Thunderbird 1.5.0.10 to fix several flaws:
mfsa2007-01
impact=moderate,source=mozilla,reported=20070222,public=20070223
CVE-2007-0775
Jesse Ruderman, Martijn Wargers and Olli Pettay reported crashes in the
layout engine
CVE-2007-0777
Brian Crowder, Igor Bukanov, Johnny Stenback, moz_bug_r_a4 and shutdown
reported potential memory corruption in the JavaScript engine
mfsa2007-02
impact=moderate,source=mozilla,reported=20070222,public=20070223
CVE-2007-0995
The Mozilla pa
Bugzilla
CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007
bugzilla·2007-03-01·CVSS 5.0
CVE-2007-0775 [MEDIUM] CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007
CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0981, CVE-2007-1092)
+++ This bug was initially created as a clone of Bug #229802 +++
The Mozilla project is releasing Thunderbird 1.5.0.10 to fix several flaws:
mfsa2007-01
impact=moderate,source=mozilla,reported=20070222,public=20070223
CVE-2007-0775
Jesse Ruderman, Martijn Wargers and Olli Pettay reported crashes in the
layout engine
CVE-2007-0777
Brian Crowder, Igor Bukanov, Johnny Stenback, moz_bug_r_a4 and shutdown
reported potential memory corruption in the JavaScript engine
mfsa2007-02
impact=moderate,source=mozilla,reported=20070222,public=20070223
CVE-2007-0995
The Mozilla pa
Bugzilla
CVE-2007-0775 Multiple Firefox flaws (CVE-2007-0777, CVE-2007-0994, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-000
bugzilla·2007-02-26·CVSS 5.0
CVE-2007-0775 [MEDIUM] CVE-2007-0775 Multiple Firefox flaws (CVE-2007-0777, CVE-2007-0994, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-000
CVE-2007-0775 Multiple Firefox flaws (CVE-2007-0777, CVE-2007-0994, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0981)
+++ This bug was initially created as a clone of Bug #229802 +++
The Mozilla project is releasing Firefox 1.5.0.10 to fix several flaws:
mfsa2007-01
impact=critical,source=mozilla,reported=20070222,public=20070223
CVE-2007-0775
Jesse Ruderman, Martijn Wargers and Olli Pettay reported crashes in the
layout engine
CVE-2007-0777
Brian Crowder, Igor Bukanov, Johnny Stenback, moz_bug_r_a4 and shutdown
reported potential memory corruption in the JavaScript engine
mfsa2007-02
impact=moderate,source=mozilla,reported=20070222,public=20070223
CVE-2007-0995
The Mozilla parser for
Bugzilla
CVE-2007-0775 Multiple Seamonkey flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0
bugzilla·2007-02-23·CVSS 5.0
CVE-2007-0775 [MEDIUM] CVE-2007-0775 Multiple Seamonkey flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0
CVE-2007-0775 Multiple Seamonkey flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0981)
+++ This bug was initially created as a clone of Bug #229802 +++
The Mozilla project is releasing Seamonkey 1.0.8 to fix several flaws:
mfsa2007-01
impact=critical,source=mozilla,reported=20070222,public=20070223
CVE-2007-0775
Jesse Ruderman, Martijn Wargers and Olli Pettay reported crashes in the
layout engine
CVE-2007-0777
Brian Crowder, Igor Bukanov, Johnny Stenback, moz_bug_r_a4 and shutdown
reported potential memory corruption in the JavaScript engine
mfsa2007-02
impact=moderate,source=mozilla,reported=20070222,public=20070223
CVE-2007-0995
The Mozilla parser formerly ignored
Bugzilla
CVE-2007-0775 Multiple Firefox flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-098
bugzilla·2007-02-23·CVSS 5.0
CVE-2007-0775 [MEDIUM] CVE-2007-0775 Multiple Firefox flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-098
CVE-2007-0775 Multiple Firefox flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0981)
The Mozilla project is releasing Firefox 1.5.0.10 to fix several flaws:
mfsa2007-01
impact=critical,source=mozilla,reported=20070222,public=20070223
CVE-2007-0775
Jesse Ruderman, Martijn Wargers and Olli Pettay reported crashes in the
layout engine
CVE-2007-0777
Brian Crowder, Igor Bukanov, Johnny Stenback, moz_bug_r_a4 and shutdown
reported potential memory corruption in the JavaScript engine
mfsa2007-02
impact=moderate,source=mozilla,reported=20070222,public=20070223
CVE-2007-0995
The Mozilla parser formerly ignored invalid trailing characters in HTML tag
attribute names. This could
Bugzilla
CVE-2007-0981: seamonkey cookie setting / same-domain bypass vulnerability
bugzilla·2007-02-19·CVSS 7.5
CVE-2007-0981 [HIGH] CVE-2007-0981: seamonkey cookie setting / same-domain bypass vulnerability
CVE-2007-0981: seamonkey cookie setting / same-domain bypass vulnerability
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0981
"Mozilla based browsers allows remote attackers to bypass the same origin
policy, steal cookies, and conduct other attacks by writing a URI with a null
byte to the hostname (location.hostname) DOM property, due to interactions with
DNS resolver code."
Seamonkey seems vulnerable. See also
https://bugzilla.mozilla.org/show_bug.cgi?id=370445
Discussion:
The SeaMonkey version in Fedora Extras 6 is 1.0.8.
SeaMonkey 1.0.8 is based on Mozilla technology version 1.8.0.10.
The underlying bug at mozilla.org has been marked as fixed and verified 1.8.0.10
So I conclude this bug has been fixed in seamonkey-1.0.8-0.6.2.fc6 since 2007-03-01.
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.ascftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.aschttp://fedoranews.org/cms/node/2713http://fedoranews.org/cms/node/2728http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://lcamtuf.dione.cc/ffhostname.htmlhttp://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.htmlhttp://rhn.redhat.com/errata/RHSA-2007-0077.htmlhttp://secunia.com/advisories/24175http://secunia.com/advisories/24205http://secunia.com/advisories/24238http://secunia.com/advisories/24287http://secunia.com/advisories/24290http://secunia.com/advisories/24293http://secunia.com/advisories/24320http://secunia.com/advisories/24328http://secunia.com/advisories/24333http://secunia.com/advisories/24342http://secunia.com/advisories/24343http://secunia.com/advisories/24384http://secunia.com/advisories/24393http://secunia.com/advisories/24395http://secunia.com/advisories/24437http://secunia.com/advisories/24455http://secunia.com/advisories/24457http://secunia.com/advisories/24650http://secunia.com/advisories/25588http://security.gentoo.org/glsa/glsa-200703-04.xmlhttp://securityreason.com/securityalert/2262http://securitytracker.com/id?1017654http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851http://www.debian.org/security/2007/dsa-1336http://www.gentoo.org/security/en/glsa/glsa-200703-08.xmlhttp://www.kb.cert.org/vuls/id/885753http://www.mandriva.com/security/advisories?name=MDKSA-2007:050http://www.mozilla.org/security/announce/2007/mfsa2007-07.htmlhttp://www.novell.com/linux/security/advisories/2007_22_mozilla.htmlhttp://www.osvdb.org/32104http://www.redhat.com/support/errata/RHSA-2007-0078.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0079.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0097.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0108.htmlhttp://www.securityfocus.com/archive/1/460126/100/200/threadedhttp://www.securityfocus.com/archive/1/460217/100/0/threadedhttp://www.securityfocus.com/archive/1/461336/100/0/threadedhttp://www.securityfocus.com/archive/1/461809/100/0/threadedhttp://www.securityfocus.com/bid/22566http://www.ubuntu.com/usn/usn-428-1http://www.vupen.com/english/advisories/2007/0624http://www.vupen.com/english/advisories/2007/0718http://www.vupen.com/english/advisories/2008/0083https://bugzilla.mozilla.org/show_bug.cgi?id=370445https://exchange.xforce.ibmcloud.com/vulnerabilities/32533https://issues.rpath.com/browse/RPL-1081https://issues.rpath.com/browse/RPL-1103https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.ascftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.aschttp://fedoranews.org/cms/node/2713http://fedoranews.org/cms/node/2728http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://lcamtuf.dione.cc/ffhostname.htmlhttp://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.htmlhttp://rhn.redhat.com/errata/RHSA-2007-0077.htmlhttp://secunia.com/advisories/24175http://secunia.com/advisories/24205http://secunia.com/advisories/24238http://secunia.com/advisories/24287http://secunia.com/advisories/24290http://secunia.com/advisories/24293http://secunia.com/advisories/24320http://secunia.com/advisories/24328http://secunia.com/advisories/24333http://secunia.com/advisories/24342http://secunia.com/advisories/24343http://secunia.com/advisories/24384http://secunia.com/advisories/24393http://secunia.com/advisories/24395http://secunia.com/advisories/24437http://secunia.com/advisories/24455http://secunia.com/advisories/24457http://secunia.com/advisories/24650http://secunia.com/advisories/25588http://security.gentoo.org/glsa/glsa-200703-04.xmlhttp://securityreason.com/securityalert/2262http://securitytracker.com/id?1017654http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851http://www.debian.org/security/2007/dsa-1336http://www.gentoo.org/security/en/glsa/glsa-200703-08.xmlhttp://www.kb.cert.org/vuls/id/885753http://www.mandriva.com/security/advisories?name=MDKSA-2007:050http://www.mozilla.org/security/announce/2007/mfsa2007-07.htmlhttp://www.novell.com/linux/security/advisories/2007_22_mozilla.htmlhttp://www.osvdb.org/32104http://www.redhat.com/support/errata/RHSA-2007-0078.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0079.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0097.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0108.html
+ 14 more references
2007-02-16
Published