FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-0981

This CVE name corresponds to:

Entered: 2007-02-24
Topic: mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2007-0981
Phase: Assigned (20070215)

Description

Mozilla-based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

References

Source Reference
BUGTRAQ 20070226 rPSA-2007-0040-1 firefox
BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird
BUGTRAQ 20070214 Firefox: serious cookie stealing / same-domain bypass vulnerability
FULLDISC 20070215 Firefox: serious cookie stealing / same-domain bypass vulnerability
FULLDISC 20070215 Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability
MISC http://lcamtuf.dione.cc/ffhostname.html
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=370445
CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
CONFIRM https://issues.rpath.com/browse/RPL-1081
CONFIRM https://issues.rpath.com/browse/RPL-1103
DEBIAN DSA-1336
FEDORA FEDORA-2007-281
FEDORA FEDORA-2007-293
GENTOO GLSA-200703-04
GENTOO GLSA-200703-08
HP HPSBUX02153
HP SSRT061181
MANDRIVA MDKSA-2007:050
REDHAT RHSA-2007:0079
REDHAT RHSA-2007:0077
REDHAT RHSA-2007:0078
REDHAT RHSA-2007:0097
REDHAT RHSA-2007:0108
SGI 20070301-01-P
SGI 20070202-01-P
SLACKWARE SSA:2007-066-03
SLACKWARE SSA:2007-066-05
SUSE SUSE-SA:2007:019
SUSE SUSE-SA:2007:022
UBUNTU USN-428-1
CERT-VN VU#885753
BID 22566
OVAL oval:org.mitre.oval:def:9730
VUPEN ADV-2007-0624
VUPEN ADV-2007-0718
VUPEN ADV-2008-0083
OSVDB 32104
SECTRACK 1017654
SECUNIA 24175
SECUNIA 24238
SECUNIA 24287
SECUNIA 24290
SECUNIA 24205
SECUNIA 24328
SECUNIA 24333
SECUNIA 24343
SECUNIA 24320
SECUNIA 24293
SECUNIA 24393
SECUNIA 24395
SECUNIA 24384
SECUNIA 24437
SECUNIA 24650
SECUNIA 24455
SECUNIA 24457
SECUNIA 24342
SECUNIA 25588
SREASON 2262
XF firefox-locationhostname-security-bypass(32533)