CVE - CVE-2007-5960

CVE-ID
CVE-2007-5960	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1018977 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1~~ (Obsolete source) MISC:1018995 URL:http://securitytracker.com/id?1018995 MISC:20080212 FLEA-2008-0001-1 firefox URL:http://www.securityfocus.com/archive/1/488002/100/0/threaded MISC:20080229 rPSA-2008-0093-1 thunderbird URL:http://www.securityfocus.com/archive/1/488971/100/0/threaded MISC:231441 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1~~ (Obsolete source) MISC:26589 URL:http://www.securityfocus.com/bid/26589 MISC:27725 URL:http://secunia.com/advisories/27725 MISC:27793 URL:http://secunia.com/advisories/27793 MISC:27796 URL:http://secunia.com/advisories/27796 MISC:27797 URL:http://secunia.com/advisories/27797 MISC:27800 URL:http://secunia.com/advisories/27800 MISC:27816 URL:http://secunia.com/advisories/27816 MISC:27838 URL:http://secunia.com/advisories/27838 MISC:27845 URL:http://secunia.com/advisories/27845 MISC:27855 URL:http://secunia.com/advisories/27855 MISC:27944 URL:http://secunia.com/advisories/27944 MISC:27955 URL:http://secunia.com/advisories/27955 MISC:27957 URL:http://secunia.com/advisories/27957 MISC:27979 URL:http://secunia.com/advisories/27979 MISC:28001 URL:http://secunia.com/advisories/28001 MISC:28016 URL:http://secunia.com/advisories/28016 MISC:28171 URL:http://secunia.com/advisories/28171 MISC:28277 URL:http://secunia.com/advisories/28277 MISC:28398 URL:http://secunia.com/advisories/28398 MISC:29164 URL:http://secunia.com/advisories/29164 MISC:ADV-2007-4002 URL:~~http://www.vupen.com/english/advisories/2007/4002~~ (Obsolete source) MISC:ADV-2007-4018 URL:~~http://www.vupen.com/english/advisories/2007/4018~~ (Obsolete source) MISC:ADV-2008-0083 URL:~~http://www.vupen.com/english/advisories/2008/0083~~ (Obsolete source) MISC:ADV-2008-0643 URL:~~http://www.vupen.com/english/advisories/2008/0643~~ (Obsolete source) MISC:DSA-1424 URL:http://www.debian.org/security/2007/dsa-1424 MISC:DSA-1425 URL:http://www.debian.org/security/2007/dsa-1425 MISC:FEDORA-2007-3952 URL:https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html MISC:FEDORA-2007-4098 URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html MISC:FEDORA-2007-4106 URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html MISC:FEDORA-2007-756 URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html MISC:GLSA-200712-21 URL:http://security.gentoo.org/glsa/glsa-200712-21.xml MISC:HPSBUX02153 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MISC:MDKSA-2007:246 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:246~~ (Obsolete source) MISC:RHSA-2007:1082 URL:http://www.redhat.com/support/errata/RHSA-2007-1082.html MISC:RHSA-2007:1083 URL:http://www.redhat.com/support/errata/RHSA-2007-1083.html MISC:RHSA-2007:1084 URL:http://www.redhat.com/support/errata/RHSA-2007-1084.html MISC:SSA:2007-331-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833 MISC:SSA:2007-333-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006 MISC:SSRT061181 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MISC:SUSE-SA:2007:066 URL:http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html MISC:USN-546-1 URL:https://usn.ubuntu.com/546-1/ MISC:USN-546-2 URL:http://www.ubuntu.com/usn/usn-546-2 MISC:http://browser.netscape.com/releasenotes/ URL:http://browser.netscape.com/releasenotes/ MISC:http://bugs.gentoo.org/show_bug.cgi?id=198965 URL:http://bugs.gentoo.org/show_bug.cgi?id=198965 MISC:http://bugs.gentoo.org/show_bug.cgi?id=200909 URL:http://bugs.gentoo.org/show_bug.cgi?id=200909 MISC:http://wiki.rpath.com/Advisories:rPSA-2008-0093 URL:http://wiki.rpath.com/Advisories:rPSA-2008-0093 MISC:http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260 URL:http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260 MISC:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093 URL:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093 MISC:http://www.mozilla.org/security/announce/2007/mfsa2007-39.html URL:http://www.mozilla.org/security/announce/2007/mfsa2007-39.html MISC:https://issues.rpath.com/browse/RPL-1984 URL:https://issues.rpath.com/browse/RPL-1984 MISC:https://issues.rpath.com/browse/RPL-1995 URL:https://issues.rpath.com/browse/RPL-1995 MISC:mozilla-http-referer-spoofing(38644) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38644 MISC:oval:org.mitre.oval:def:9794 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9794
Assigning CNA
Red Hat, Inc.
Date Record Created
20071114	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071114)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)