CVE Reference: CVE-2007-5960

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-5960

Description:
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/38644

UBUNTU
  http://www.ubuntu.com/usn/usn-546-2
  http://www.ubuntulinux.org/support/documentation/usn/usn-546-1

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html

SUNALERT
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1

ST
  1018995

SLACKWARE
  http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
  http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833

SAID
  Secunia Advisory: SA29164
  Secunia Advisory: SA27979
  Secunia Advisory: SA27855
  Secunia Advisory: SA28398
  Secunia Advisory: SA27845
  Secunia Advisory: SA27838
  Secunia Advisory: SA27800
  Secunia Advisory: SA28277
  Secunia Advisory: SA28171
  Secunia Advisory: SA27955
  Secunia Advisory: SA28016
  Secunia Advisory: SA28001
  Secunia Advisory: SA27957
  Secunia Advisory: SA27944
  Secunia Advisory: SA27796
  Secunia Advisory: SA27816
  Secunia Advisory: SA27725
  Secunia Advisory: SA27793
  Secunia Advisory: SA27797

REDHAT
  http://www.redhat.com/support/errata/RHSA-2007-1083.html
  http://www.redhat.com/support/errata/RHSA-2007-1082.html
  http://www.redhat.com/support/errata/RHSA-2007-1084.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9794

MISC
  http://bugs.gentoo.org/show_bug.cgi?id=200909
  http://bugs.gentoo.org/show_bug.cgi?id=198965

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDKSA-2007:246

HP
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

GENTOO
  http://security.gentoo.org/glsa/glsa-200712-21.xml

FEDORA

DEBIAN
  http://www.debian.org/security/2007/dsa-1425
  http://www.debian.org/security/2007/dsa-1424

CONFIRM
  http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
  http://wiki.rpath.com/Advisories:rPSA-2008-0093
  http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
  http://browser.netscape.com/releasenotes/
  http://www.mozilla.org/security/announce/2007/mfsa2007-39.html

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/488971/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/488002/100/0/threaded

BID
  26589
