CVE - CVE-2007-3656

CVE-ID
CVE-2007-3656	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:24831 URL:http://www.securityfocus.com/bid/24831 BUGTRAQ:20070709 Firefox wyciwyg:// cache zone bypass URL:http://www.securityfocus.com/archive/1/473191/100/0/threaded BUGTRAQ:20070720 rPSA-2007-0148-1 firefox thunderbird URL:http://www.securityfocus.com/archive/1/474226/100/0/threaded BUGTRAQ:20070724 FLEA-2007-0033-1: firefox thunderbird URL:http://www.securityfocus.com/archive/1/474542/100/0/threaded CONFIRM:ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt CONFIRM:http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html CONFIRM:http://www.mozilla.org/security/announce/2007/mfsa2007-24.html CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=387333 DEBIAN:DSA-1337 URL:http://www.debian.org/security/2007/dsa-1337 DEBIAN:DSA-1338 URL:http://www.debian.org/security/2007/dsa-1338 DEBIAN:DSA-1339 URL:http://www.debian.org/security/2007/dsa-1339 GENTOO:GLSA-200708-09 URL:http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml HP:HPSBUX02153 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 HP:SSRT061181 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MANDRIVA:MDKSA-2007:152 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:152~~ (Obsolete source) MISC:http://lcamtuf.coredump.cx/ffcache/ OSVDB:38028 URL:~~http://osvdb.org/38028~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:9105 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9105 REDHAT:RHSA-2007:0722 URL:http://www.redhat.com/support/errata/RHSA-2007-0722.html REDHAT:RHSA-2007:0724 URL:http://www.redhat.com/support/errata/RHSA-2007-0724.html SECTRACK:1018411 URL:http://www.securitytracker.com/id?1018411 SECUNIA:25589 URL:http://secunia.com/advisories/25589 SECUNIA:25990 URL:http://secunia.com/advisories/25990 SECUNIA:26072 URL:http://secunia.com/advisories/26072 SECUNIA:26103 URL:http://secunia.com/advisories/26103 SECUNIA:26107 URL:http://secunia.com/advisories/26107 SECUNIA:26149 URL:http://secunia.com/advisories/26149 SECUNIA:26151 URL:http://secunia.com/advisories/26151 SECUNIA:26159 URL:http://secunia.com/advisories/26159 SECUNIA:26179 URL:http://secunia.com/advisories/26179 SECUNIA:26204 URL:http://secunia.com/advisories/26204 SECUNIA:26205 URL:http://secunia.com/advisories/26205 SECUNIA:26211 URL:http://secunia.com/advisories/26211 SECUNIA:26216 URL:http://secunia.com/advisories/26216 SECUNIA:26258 URL:http://secunia.com/advisories/26258 SECUNIA:26271 URL:http://secunia.com/advisories/26271 SECUNIA:26460 URL:http://secunia.com/advisories/26460 SECUNIA:28135 URL:http://secunia.com/advisories/28135 SGI:20070701-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc SREASON:2872 URL:http://securityreason.com/securityalert/2872 SUNALERT:103177 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1~~ (Obsolete source) SUNALERT:201516 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1~~ (Obsolete source) SUSE:SUSE-SA:2007:049 URL:http://www.novell.com/linux/security/advisories/2007_49_mozilla.html UBUNTU:USN-490-1 URL:http://www.ubuntu.com/usn/usn-490-1 VUPEN:ADV-2007-4256 URL:~~http://www.vupen.com/english/advisories/2007/4256~~ (Obsolete source) XF:mozilla-wyciwyg-security-bypass(35298) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35298
Assigning CNA
MITRE Corporation
Date Record Created
20070710	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070710)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)