CVE Vulnerability

CVE-2007-0779

GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.

6.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html Patch Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=361298
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://www.ubuntu.com/usn/usn-428-1
http://www.securityfocus.com/bid/22694 Patch
http://www.securitytracker.com/id?1017700
http://secunia.com/advisories/24238 Vendor Advisory
http://secunia.com/advisories/24287 Vendor Advisory
http://secunia.com/advisories/24290 Vendor Advisory
http://secunia.com/advisories/24205 Vendor Advisory
http://secunia.com/advisories/24328 Vendor Advisory
http://secunia.com/advisories/24333 Vendor Advisory
http://secunia.com/advisories/24343 Vendor Advisory
http://secunia.com/advisories/24320 Vendor Advisory
http://secunia.com/advisories/24293 Vendor Advisory
http://secunia.com/advisories/24393 Vendor Advisory
http://secunia.com/advisories/24395 Vendor Advisory
http://secunia.com/advisories/24384 Vendor Advisory
http://secunia.com/advisories/24437 Vendor Advisory
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://secunia.com/advisories/24650 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://secunia.com/advisories/24455 Vendor Advisory
http://secunia.com/advisories/24457 Vendor Advisory
http://secunia.com/advisories/24342 Vendor Advisory
http://osvdb.org/32109
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2007/0718
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8757
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/archive/1/461336/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
Information

Published : 2007-02-26 08:28

Updated : 2018-10-16 04:34

NVD link : CVE-2007-0779

Mitre link : CVE-2007-0779

Products Affected
No products.
CWE
NVD-CWE-Other