CVE-2005-2707
First published: Fri Sep 23 2005(Updated: )
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox and Thunderbird | =1.0.2 | |
| Mozilla Firefox and Thunderbird | <=1.0.6 | |
| Mozilla Suite | <=1.7.11 | |
| Mozilla Suite | =1.7.10 | |
| Mozilla Firefox and Thunderbird | =1.0.4 | |
| Mozilla Suite | =1.7.8 | |
| Mozilla Firefox and Thunderbird | =1.0 | |
| Mozilla Firefox and Thunderbird | =1.0.1 | |
| Mozilla Firefox and Thunderbird | =1.0.3 | |
| Mozilla Suite | =1.7.7 | |
| Mozilla Suite | =1.7.6 | |
| Mozilla Firefox and Thunderbird | =1.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2005-785.html
- http://securitytracker.com/id?1014954
- http://www.mozilla.org/security/announce/mfsa2005-59.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
- http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
- http://www.redhat.com/support/errata/RHSA-2005-789.html
- http://www.securityfocus.com/bid/14919
- http://secunia.com/advisories/16911
- http://secunia.com/advisories/16917
- http://www.debian.org/security/2005/dsa-868
- http://www.redhat.com/support/errata/RHSA-2005-791.html
- http://www.securityfocus.com/bid/15495
- http://secunia.com/advisories/17042
- http://secunia.com/advisories/17090
- http://secunia.com/advisories/17149
- http://secunia.com/advisories/17284
- http://www.debian.org/security/2005/dsa-838
- http://www.debian.org/security/2005/dsa-866
- http://secunia.com/advisories/17026
- http://secunia.com/advisories/17263
- http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
- http://secunia.com/advisories/16977
- http://secunia.com/advisories/17014
- http://secunia.com/advisories/19823
- http://www.vupen.com/english/advisories/2005/1824
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22380
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1197
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11130
Frequently Asked Questions
What is the severity of CVE-2005-2707?
CVE-2005-2707 is considered to be a moderate severity vulnerability that could lead to spoofing attacks.
How do I fix CVE-2005-2707?
To fix CVE-2005-2707, upgrade to Firefox version 1.0.7 or later and Mozilla Suite version 1.7.12 or later.
What versions are affected by CVE-2005-2707?
CVE-2005-2707 affects Firefox versions earlier than 1.0.7 and Mozilla Suite versions earlier than 1.7.12.
What type of attacks can CVE-2005-2707 enable?
CVE-2005-2707 can enable attackers to conduct spoofing or phishing attacks by spawning deceptive windows.
Is CVE-2005-2707 a user-interface related vulnerability?
Yes, CVE-2005-2707 is a user-interface related vulnerability that allows windows to be created without standard interface components.
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla firefox and thunderbird
- version/mozilla firefox and thunderbird/1.0.2
- version/mozilla firefox and thunderbird/1.0.6
- canonical/mozilla suite
- version/mozilla suite/1.7.11
- version/mozilla suite/1.7.10
- version/mozilla firefox and thunderbird/1.0.4
- version/mozilla suite/1.7.8
- version/mozilla firefox and thunderbird/1.0
- version/mozilla firefox and thunderbird/1.0.1
- version/mozilla firefox and thunderbird/1.0.3
- version/mozilla suite/1.7.7
- version/mozilla suite/1.7.6
- version/mozilla firefox and thunderbird/1.0.5