CVE-2007-0981 Information
Description
Mozilla based browsers including Firefox before 1.5.0.10 and 2.x before 2.0.0.2 and SeaMonkey before 1.0.8 allow remote attackers to bypass the same origin policy steal cookies and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property due to interactions with DNS resolver code.
Reference
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lcamtuf.dione.cc/ffhostname.html http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://rhn.redhat.com/errata/RHSA-2007-0077.html http://secunia.com/advisories/24175 http://secunia.com/advisories/24205 http://secunia.com/advisories/24238 http://secunia.com/advisories/24287 http://secunia.com/advisories/24290 http://secunia.com/advisories/24293 http://secunia.com/advisories/24320 http://secunia.com/advisories/24328 http://secunia.com/advisories/24333 http://secunia.com/advisories/24342 http://secunia.com/advisories/24343 http://secunia.com/advisories/24384 http://secunia.com/advisories/24393 http://secunia.com/advisories/24395 http://secunia.com/advisories/24437 http://secunia.com/advisories/24455 http://secunia.com/advisories/24457 http://secunia.com/advisories/24650 http://secunia.com/advisories/25588 http://security.gentoo.org/glsa/glsa-200703-04.xml http://securityreason.com/securityalert/2262 http://securitytracker.com/id?1017654 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 http://www.debian.org/security/2007/dsa-1336 http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml http://www.kb.cert.org/vuls/id/885753 http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 http://www.mozilla.org/security/announce/2007/mfsa2007-07.html http://www.novell.com/linux/security/advisories/2007_22_mozilla.html http://www.osvdb.org/32104 http://www.redhat.com/support/errata/RHSA-2007-0078.html http://www.redhat.com/support/errata/RHSA-2007-0079.html http://www.redhat.com/support/errata/RHSA-2007-0097.html http://www.redhat.com/support/errata/RHSA-2007-0108.html http://www.securityfocus.com/archive/1/460126/100/200/threaded http://www.securityfocus.com/archive/1/460217/100/0/threaded http://www.securityfocus.com/archive/1/461336/100/0/threaded http://www.securityfocus.com/archive/1/461809/100/0/threaded http://www.securityfocus.com/bid/22566 http://www.ubuntu.com/usn/usn-428-1 http://www.vupen.com/english/advisories/2007/0624 http://www.vupen.com/english/advisories/2007/0718 http://www.vupen.com/english/advisories/2008/0083 https://bugzilla.mozilla.org/show_bug.cgi?id=370445 https://exchange.xforce.ibmcloud.com/vulnerabilities/32533 https://issues.rpath.com/browse/RPL-1081 https://issues.rpath.com/browse/RPL-1103 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9730
Share on: