CVE-2007-5960

NONECVSS 0.0

0.0

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

🔗 References (114)

secalert@redhathttp://browser.netscape.com/releasenotes/
secalert@redhathttp://bugs.gentoo.org/show_bug.cgi?id=198965
secalert@redhathttp://bugs.gentoo.org/show_bug.cgi?id=200909
secalert@redhathttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
secalert@redhathttp://secunia.com/advisories/27725
secalert@redhathttp://secunia.com/advisories/27793
secalert@redhathttp://secunia.com/advisories/27796
secalert@redhathttp://secunia.com/advisories/27797
secalert@redhathttp://secunia.com/advisories/27800
secalert@redhathttp://secunia.com/advisories/27816
secalert@redhathttp://secunia.com/advisories/27838
secalert@redhathttp://secunia.com/advisories/27845
secalert@redhathttp://secunia.com/advisories/27855
secalert@redhathttp://secunia.com/advisories/27944

Is Your Infrastructure Affected by CVE-2007-5960?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-5960

📅 Published

🔄 Last Modified

🔗 References (114)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-5960?