Vulnerability Details : CVE-2007-2871
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allow remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.
Products affected by CVE-2007-2871
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-2871
- EPSS score: 12.08% (probability of exploitation activity in the next 30 days)
- Percentile: ~93% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-2871
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
References for CVE-2007-2871
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34606
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
- http://www.redhat.com/support/errata/RHSA-2007-0401.html
- http://www.ubuntu.com/usn/usn-468-1
- http://secunia.com/advisories/25488
- http://www.redhat.com/support/errata/RHSA-2007-0400.html
- http://www.redhat.com/support/errata/RHSA-2007-0402.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
  The Slackware Linux Project: Slackware Security Advisories
- http://www.securitytracker.com/id?1018155
- http://secunia.com/advisories/25635
- http://secunia.com/advisories/25469
- http://www.mozilla.org/security/announce/2007/mfsa2007-17.html
  Vendor Advisory
- http://secunia.com/advisories/25490
- http://www.securityfocus.com/bid/24242
- http://www.debian.org/security/2007/dsa-1306
- http://www.securityfocus.com/archive/1/470172/100/200/threaded
- http://secunia.com/advisories/25534
- http://secunia.com/advisories/25559
- http://www.debian.org/security/2007/dsa-1300
  [SECURITY] [DSA 1300-1] New iceape packages fix several vulnerabilities
- http://secunia.com/advisories/25750
- http://www.debian.org/security/2007/dsa-1308
- http://secunia.com/advisories/25533
- http://secunia.com/advisories/25476
- http://www.vupen.com/english/advisories/2007/1994
- http://osvdb.org/35137
- http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
- http://secunia.com/advisories/25858
- http://www.securitytracker.com/id?1018156
- http://secunia.com/advisories/25491
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://secunia.com/advisories/25647
- http://security.gentoo.org/glsa/glsa-200706-06.xml
  Mozilla products: Multiple vulnerabilities (GLSA 200706-06) - Gentoo security
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433
- http://www.us-cert.gov/cas/techalerts/TA07-151A.html
- https://issues.rpath.com/browse/RPL-1424
- http://secunia.com/advisories/25685