CVE-2007-1116 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure2 documents2 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 31.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedFeb 26

Latest updateMay 1

Description

The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox1.8

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-w3jv-r8w6-4m8j: The CheckLoadURI function in Mozilla Firefox 1↗2022-05-01

▶