CVE-2007-1362
Published 2007-06-01
Priority: P4 · 20 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 7.83% (93.9th percentile)
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | — | — |
| mozilla | seamonkey | — | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_redhat · 4.3 MEDIUM
vendor_ubuntu · 4.3 MEDIUM
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2007-06-01·CVSS 4.3
Various flaws were discovered in the layout and JavaScript engines.
By tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-2867,
CVE-2007-2868)
A flaw was discovered in the form autocomplete feature. By tricking
a user into opening a malicious web page, an attacker could cause a
persistent denial of service. (CVE-2007-2869)
Nicolas Derouet discovered flaws in cookie handling. By tricking a user
into opening a malicious web page, an attacker could force the browser to
consume large quantities of disk or memory while processing long cookie
paths. (CVE-2007-1362)
A flaw was discovered in the same-origin policy handling of the
addEventListener JavaS
Red Hat
Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
vendor_redhat·2007-05-31·CVSS 4.3
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
GHSA
GHSA-877r-gp3p-67qm: Mozilla Firefox 1
ghsa_unreviewed·2022-05-01
CVE-2007-1362 [MEDIUM] CWE-20 GHSA-877r-gp3p-67qm: Mozilla Firefox 1
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
No detection rules found.
Bugzilla
CVE-2007-1362 Multiple Thunderbird flaws (CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2871)
bugzilla·2007-06-18·CVSS 4.3
-- Additional comment from [email protected] on 2007-05-30 12:47 EST --
Thunderbird 2.0.0.4 is being released to fix the following security flaws:
CVE-2007-2867 MFSA 2007-12 Layout engine
CVE-2007-2868 MFSA 2007-12 Javascript engine
CVE-2007-2869 MFSA 2007-13
CVE-2007-1362 MFSA 2007-14
CVE-2007-1558 MFSA 2007-15
CVE-2007-2871 MFSA 2007-17
Please see the upstream advisories for detailed flaw information:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Discussion:
thunderbird-2.0.0.4-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Bugzilla
CVE-2007-1362 Multiple Thunderbird flaws (CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2871)
bugzilla·2007-05-31·CVSS 4.3
+++ This bug was initially created as a clone of Bug #241671 +++
Thunderbird 1.5.0.12 is being released to fix the following security flaws:
CVE-2007-2867 MFSA 2007-12 Layout engine
CVE-2007-2868 MFSA 2007-12 Javascript engine
CVE-2007-2869 MFSA 2007-13
CVE-2007-1362 MFSA 2007-14
CVE-2007-1558 MFSA 2007-15
CVE-2007-2871 MFSA 2007-17
Please see the upstream advisories for detailed flaw information:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Discussion:
FC6 reached EOL.
Bugzilla
CVE-2007-1362 Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
bugzilla·2007-05-31·CVSS 4.3
+++ This bug was initially created as a clone of Bug #241670 +++
Firefox 1.5.0.12 is being released to fix the following security flaws:
CVE-2007-1562 MFSA 2007-11
CVE-2007-2867 MFSA 2007-12 Layout engine
CVE-2007-2868 MFSA 2007-12 Javascript engine
CVE-2007-2869 MFSA 2007-13
CVE-2007-1362 MFSA 2007-14
CVE-2007-2870 MFSA 2007-16
CVE-2007-2871 MFSA 2007-17
Please see the upstream advisories for detailed flaw information:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Bugzilla
CVE-2007-1362 Multiple Seamonkey flaws (CVE-2007-1562, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
bugzilla·2007-05-31·CVSS 4.3
+++ This bug was initially created as a clone of Bug #241672 +++
Seamonkey 1.0.9 is being released to fix the following security flaws:
CVE-2007-1562 MFSA 2007-11
CVE-2007-2867 MFSA 2007-12 Layout engine
CVE-2007-2868 MFSA 2007-12 Javascript engine
CVE-2007-2869 MFSA 2007-13
CVE-2007-1362 MFSA 2007-14
CVE-2007-1558 MFSA 2007-15
CVE-2007-2870 MFSA 2007-16
CVE-2007-2871 MFSA 2007-17
Please see the upstream advisories for detailed flaw information:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Discussion:
Fedora Core 5 is no longer supported, could you please reproduce this with the
updated version of the currently support
Bugzilla
CVE-2007-1362 Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
bugzilla·2007-05-29·CVSS 4.3
Firefox 1.5.0.12 is being released to fix the following security flaws:
CVE-2007-1562 MFSA 2007-11
CVE-2007-2867 MFSA 2007-12 Layout engine
CVE-2007-2868 MFSA 2007-12 Javascript engine
CVE-2007-2869 MFSA 2007-13
CVE-2007-1362 MFSA 2007-14
CVE-2007-2870 MFSA 2007-16
CVE-2007-2871 MFSA 2007-17
Please see the upstream advisories for detailed flaw information:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Discussion:
Lifting embargo
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where t
Bugzilla
CVE-2007-1362 Multiple Seamonkey flaws (CVE-2007-1562, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
bugzilla·2007-05-29·CVSS 4.3
Seamonkey 1.0.9 is being released to fix the following security flaws:
CVE-2007-1562 MFSA 2007-11
CVE-2007-2867 MFSA 2007-12 Layout engine
CVE-2007-2868 MFSA 2007-12 Javascript engine
CVE-2007-2869 MFSA 2007-13
CVE-2007-1362 MFSA 2007-14
CVE-2007-1558 MFSA 2007-15
CVE-2007-2870 MFSA 2007-16
CVE-2007-2871 MFSA 2007-17
Please see the upstream advisories for detailed flaw information:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Discussion:
These flaws also affect Seamonkey as shipped in RHEL 2.1 and 3
---
Lifting embargo
---
An advisory has been issued which should help the problem
described in this bug report. This r
Bugzilla
CVE-2007-1362 Multiple Thunderbird flaws (CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2871)
bugzilla·2007-05-29·CVSS 4.3
Seamonkey 1.0.9 is being released to fix the following security flaws:
CVE-2007-2867 MFSA 2007-12 Layout engine
CVE-2007-2868 MFSA 2007-12 Javascript engine
CVE-2007-2869 MFSA 2007-13
CVE-2007-1362 MFSA 2007-14
CVE-2007-1558 MFSA 2007-15
CVE-2007-2871 MFSA 2007-17
Please see the upstream advisories for detailed flaw information:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Discussion:
Lifting embargo
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow
References
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://osvdb.org/35140
http://secunia.com/advisories/25476
http://secunia.com/advisories/25490
http://secunia.com/advisories/25533
http://secunia.com/advisories/25534
http://secunia.com/advisories/25559
http://secunia.com/advisories/25635
http://secunia.com/advisories/25647
http://secunia.com/advisories/25685
http://secunia.com/advisories/25750
http://secunia.com/advisories/25858
http://security.gentoo.org/glsa/glsa-200706-06.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
http://www.debian.org/security/2007/dsa-1300
http://www.debian.org/security/2007/dsa-1306
http://www.debian.org/security/2007/dsa-1308
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
http://www.mozilla.org/security/announce/2007/mfsa2007-14.html
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.osvdb.org/35139
http://www.redhat.com/support/errata/RHSA-2007-0400.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://www.securityfocus.com/archive/1/470172/100/200/threaded
http://www.securityfocus.com/bid/22879
http://www.securityfocus.com/bid/24242
http://www.securitytracker.com/id?1018162
http://www.securitytracker.com/id?1018163
http://www.ubuntu.com/usn/usn-468-1
http://www.us-cert.gov/cas/techalerts/TA07-151A.html
http://www.vupen.com/english/advisories/2007/1994
https://exchange.xforce.ibmcloud.com/vulnerabilities/34613
https://issues.rpath.com/browse/RPL-1424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10759