CVE-2007-4879Sensitive Information Exposure in Mozilla Firefox

CWE-200Sensitive Information Exposure5 documents3 sources
Severity
5.0MEDIUMNVD
NVD4.3
EPSS
1.5%
top 18.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Seamonkey
Timeline
PublishedSep 13
Latest updateMay 1

Description

Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDmozilla/firefox2.0.0.12+60
NVDmozilla/seamonkey1.1.8+18

🔴Vulnerability Details

2
GHSA
GHSA-5r28-wf7x-cq3h: CFNetwork in Safari in Apple Mac OS X before 102022-05-01
GHSA
GHSA-p6j7-wg3q-q2c3: Mozilla Firefox before Firefox 22022-05-01

📋Vendor Advisories

1
Ubuntu
Firefox vulnerabilities2008-03-26
CVE-2007-4879 — Sensitive Information Exposure | cvebase