CVE-2007-5960 — Path Traversal in Mozilla Seamonkey

CWE-22 — Path Traversal CWE-352 — Cross-Site Request Forgery6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

1.3%

top 20.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox

Timeline

PublishedNov 26

Latest updateMay 1

Description

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/seamonkey1.1.7

▶NVDmozilla/firefox48 versions+47

🔴Vulnerability Details

GHSA

GHSA-9vw2-7m33-r6hw: Mozilla Firefox before 2↗2022-05-01

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2007-12-04

▶

Red Hat

Mozilla Cross-site Request Forgery flaw↗2007-11-26

▶

Ubuntu

Firefox vulnerabilities↗2007-11-26

▶

💬Community

Bugzilla

CVE-2007-5960 Mozilla Cross-site Request Forgery flaw↗2007-11-21

▶