CVE-2007-0981
First published: Fri Feb 16 2007(Updated: )
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla SeaMonkey | =1.0.3 | |
| Mozilla Firefox | =0.8 | |
| Mozilla Firefox | =1.5-beta2 | |
| Mozilla Firefox | =1.5.2 | |
| Mozilla SeaMonkey | =1.0.1 | |
| Mozilla SeaMonkey | =1.0.6 | |
| Mozilla Firefox | =1.5.0.6 | |
| Mozilla SeaMonkey | <=1.0.7 | |
| Mozilla Firefox | =1.5.0.3 | |
| Mozilla Firefox | <=1.5.0.9 | |
| Mozilla SeaMonkey | =1.0 | |
| Mozilla Firefox | =1.5.4 | |
| Mozilla Firefox | =1.0.2 | |
| Mozilla Firefox | =1.5-beta1 | |
| Mozilla Firefox | =1.5 | |
| Mozilla Firefox | =0.9.1 | |
| Mozilla Firefox | =1.0.4 | |
| Mozilla Firefox | =1.0.7 | |
| Mozilla Firefox | =0.10.1 | |
| Mozilla Firefox | =0.9 | |
| Mozilla Firefox | =1.5.6 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Mozilla Firefox | =1.0 | |
| Mozilla Firefox | =1.5.0.7 | |
| Mozilla Firefox | =2.0 | |
| Mozilla Firefox | =1.0.1 | |
| Mozilla SeaMonkey | =1.0.5 | |
| Mozilla Firefox | =1.5.0.8 | |
| Mozilla Firefox | =1.0.6 | |
| Mozilla Firefox | =preview_release | |
| Mozilla Firefox | =1.5.0.5 | |
| Mozilla Firefox | =1.5.7 | |
| Mozilla Firefox | =1.5.0.2 | |
| Mozilla Firefox | =1.0.3 | |
| Mozilla Firefox | =1.5.1 | |
| Mozilla Firefox | =0.9.3 | |
| Mozilla Firefox | =2.0.0.1 | |
| Mozilla SeaMonkey | =1.0.4 | |
| Mozilla Firefox | =1.5.5 | |
| Mozilla Firefox | =0.9.2 | |
| Mozilla Firefox | =2.0-beta_1 | |
| Mozilla Firefox | =0.9-rc | |
| Mozilla Firefox | =1.5.8 | |
| Mozilla Firefox | =1.5.3 | |
| Mozilla Firefox | =1.5.0.4 | |
| Mozilla Firefox | =1.5.0.1 | |
| Mozilla Firefox | =0.10 | |
| Mozilla Firefox | =1.0.5 | |
| Mozilla Firefox | =2.0-rc3 | |
| Mozilla Firefox | =1.0.6 | |
| Mozilla Firefox | =1.0.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lcamtuf.dione.cc/ffhostname.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=370445
- http://www.kb.cert.org/vuls/id/885753
- http://www.securityfocus.com/bid/22566
- http://securitytracker.com/id?1017654
- http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
- https://issues.rpath.com/browse/RPL-1081
- https://issues.rpath.com/browse/RPL-1103
- http://fedoranews.org/cms/node/2713
- http://fedoranews.org/cms/node/2728
- http://security.gentoo.org/glsa/glsa-200703-04.xml
- http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
- http://www.redhat.com/support/errata/RHSA-2007-0079.html
- http://rhn.redhat.com/errata/RHSA-2007-0077.html
- http://www.redhat.com/support/errata/RHSA-2007-0078.html
- http://www.redhat.com/support/errata/RHSA-2007-0097.html
- http://www.redhat.com/support/errata/RHSA-2007-0108.html
- http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
- http://www.ubuntu.com/usn/usn-428-1
- http://www.osvdb.org/32104
- http://secunia.com/advisories/24175
- http://secunia.com/advisories/24238
- http://secunia.com/advisories/24287
- http://secunia.com/advisories/24290
- http://secunia.com/advisories/24205
- http://secunia.com/advisories/24328
- http://secunia.com/advisories/24333
- http://secunia.com/advisories/24343
- http://secunia.com/advisories/24320
- http://secunia.com/advisories/24293
- http://secunia.com/advisories/24393
- http://secunia.com/advisories/24395
- http://secunia.com/advisories/24384
- http://secunia.com/advisories/24437
- http://secunia.com/advisories/24650
- http://www.debian.org/security/2007/dsa-1336
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
- http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
- http://secunia.com/advisories/24455
- http://secunia.com/advisories/24457
- http://secunia.com/advisories/24342
- http://secunia.com/advisories/25588
- http://securityreason.com/securityalert/2262
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://www.securityfocus.com/archive/1/460217/100/0/threaded
- http://www.vupen.com/english/advisories/2007/0718
- http://www.vupen.com/english/advisories/2008/0083
- http://www.vupen.com/english/advisories/2007/0624
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32533
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730
- http://www.securityfocus.com/archive/1/461809/100/0/threaded
- http://www.securityfocus.com/archive/1/461336/100/0/threaded
- http://www.securityfocus.com/archive/1/460126/100/200/threaded
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0.3
- canonical/mozilla firefox
- version/mozilla firefox/0.8
- version/mozilla firefox/1.5-beta2
- version/mozilla firefox/1.5.2
- version/mozilla seamonkey/1.0.1
- version/mozilla seamonkey/1.0.6
- version/mozilla firefox/1.5.0.6
- version/mozilla seamonkey/1.0.7
- version/mozilla firefox/1.5.0.3
- version/mozilla firefox/1.5.0.9
- version/mozilla seamonkey/1.0
- version/mozilla firefox/1.5.4
- version/mozilla firefox/1.0.2
- version/mozilla firefox/1.5-beta1
- version/mozilla firefox/1.5
- version/mozilla firefox/0.9.1
- version/mozilla firefox/1.0.4
- version/mozilla firefox/1.0.7
- version/mozilla firefox/0.10.1
- version/mozilla firefox/0.9
- version/mozilla firefox/1.5.6
- version/mozilla seamonkey/1.0.2
- version/mozilla firefox/1.0
- version/mozilla firefox/1.5.0.7
- version/mozilla firefox/2.0
- version/mozilla firefox/1.0.1
- version/mozilla seamonkey/1.0.5
- version/mozilla firefox/1.5.0.8
- version/mozilla firefox/1.0.6
- version/mozilla firefox/preview_release
- version/mozilla firefox/1.5.0.5
- version/mozilla firefox/1.5.7
- version/mozilla firefox/1.5.0.2
- version/mozilla firefox/1.0.3
- version/mozilla firefox/1.5.1
- version/mozilla firefox/0.9.3
- version/mozilla firefox/2.0.0.1
- version/mozilla seamonkey/1.0.4
- version/mozilla firefox/1.5.5
- version/mozilla firefox/0.9.2
- version/mozilla firefox/2.0-beta_1
- version/mozilla firefox/0.9-rc
- version/mozilla firefox/1.5.8
- version/mozilla firefox/1.5.3
- version/mozilla firefox/1.5.0.4
- version/mozilla firefox/1.5.0.1
- version/mozilla firefox/0.10
- version/mozilla firefox/1.0.5
- version/mozilla firefox/2.0-rc3
- version/mozilla firefox/1.0.8