Vulnerability Details : CVE-2007-0778
The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.
Vulnerability category: Information leak
Products affected by CVE-2007-0778
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0778
- EPSS score: 6.81% (probability of exploitation activity in the next 30 days)
- Percentile: ~94% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-0778
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4 | MEDIUM | AV:N/AC:H/Au:N/C:C/I:N/A:N | 4.9 | 6.9 | NIST | |
CWE ids for CVE-2007-0778
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-0778
-
http://www.redhat.com/support/errata/RHSA-2007-0078.html
Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2007-0097.html
Third Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=347852
Issue Tracking
-
http://www.vupen.com/english/advisories/2008/0083
Third Party Advisory
-
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
Broken Link
-
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
Patch;Vendor Advisory
-
http://fedoranews.org/cms/node/2728
Broken Link
-
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
Broken Link
-
http://securitytracker.com/id?1017699
Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/22694
Third Party Advisory;VDB Entry
-
http://www.redhat.com/support/errata/RHSA-2007-0079.html
Third Party Advisory
-
http://fedoranews.org/cms/node/2713
Broken Link
-
http://www.vupen.com/english/advisories/2007/0718
Third Party Advisory
-
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
Broken Link
-
http://www.debian.org/security/2007/dsa-1336
Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2007-0108.html
Third Party Advisory
-
http://security.gentoo.org/glsa/glsa-200703-04.xml
Mozilla Firefox: Multiple vulnerabilities (GLSA 200703-04) — Gentoo security
Third Party Advisory
-
http://www.securityfocus.com/archive/1/461336/100/0/threaded
Third Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/usn-428-1
Third Party Advisory
-
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
SeaMonkey: Multiple vulnerabilities (GLSA 200703-08) — Gentoo security
Third Party Advisory
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
Mailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2007-0077.html
Third Party Advisory
-
https://issues.rpath.com/browse/RPL-1081
Broken Link
-
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
Broken Link
-
http://www.securityfocus.com/archive/1/461809/100/0/threaded
Third Party Advisory;VDB Entry
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Mailing List;Third Party Advisory
-
https://issues.rpath.com/browse/RPL-1103
Broken Link
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Broken Link
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/32671
VDB Entry;Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9151
Broken Link