CVE-2007-3656 Information

Description

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.

Reference

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lcamtuf.coredump.cx/ffcache/
http://osvdb.org/38028
http://secunia.com/advisories/25589
http://secunia.com/advisories/25990
http://secunia.com/advisories/26072
http://secunia.com/advisories/26103
http://secunia.com/advisories/26107
http://secunia.com/advisories/26149
http://secunia.com/advisories/26151
http://secunia.com/advisories/26159
http://secunia.com/advisories/26179
http://secunia.com/advisories/26204
http://secunia.com/advisories/26205
http://secunia.com/advisories/26211
http://secunia.com/advisories/26216
http://secunia.com/advisories/26258
http://secunia.com/advisories/26271
http://secunia.com/advisories/26460
http://secunia.com/advisories/28135
http://securityreason.com/securityalert/2872
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
http://www.debian.org/security/2007/dsa-1337
http://www.debian.org/security/2007/dsa-1338
http://www.debian.org/security/2007/dsa-1339
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://www.mozilla.org/security/announce/2007/mfsa2007-24.html
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0722.html
http://www.redhat.com/support/errata/RHSA-2007-0724.html
http://www.securityfocus.com/archive/1/473191/100/0/threaded
http://www.securityfocus.com/archive/1/474226/100/0/threaded
http://www.securityfocus.com/archive/1/474542/100/0/threaded
http://www.securityfocus.com/bid/24831
http://www.securitytracker.com/id?1018411
http://www.ubuntu.com/usn/usn-490-1
http://www.vupen.com/english/advisories/2007/4256
https://bugzilla.mozilla.org/show_bug.cgi?id=387333
https://exchange.xforce.ibmcloud.com/vulnerabilities/35298
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9105
