CVE-2007-3656 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure6 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

6.6%

top 8.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedJul 10

Latest updateMay 3

Description

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/firefox31 versions+30

🔴Vulnerability Details

GHSA

GHSA-wvwp-cg36-hgrc: Mozilla Firefox before 1↗2022-05-03

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2007-07-20

▶

Red Hat

security flaw↗2007-07-09

▶

💬Community

Bugzilla

CVE-2007-3656 security flaw↗2018-08-16

▶

Bugzilla

CVE-2007-3089 various flaws in mozilla products (CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3656 CVE-2007-3738)↗2007-07-17

▶