Home > Vulnerability Database > CVE-2007-0981

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-0981

Date: February 15, 2007

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

Severity Score

7.3

Related Resources (61)

Url: http://secunia.com/advisories/24290

Url: http://www.securityfocus.com/archive/1/461809/100/0/threaded

Url: http://secunia.com/advisories/24293

Url: https://issues.rpath.com/browse/RPL-1081

Url: https://access.redhat.com/security/cve/CVE-2007-0981

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-0981

Url: http://secunia.com/advisories/24328

Url: http://www.osvdb.org/32104

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730

Url: http://secunia.com/advisories/24205

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=370445

Url: http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

Url: http://secunia.com/advisories/24320

Url: http://secunia.com/advisories/24287

Url: http://www.ubuntu.com/usn/usn-428-1

Url: http://security.gentoo.org/glsa/glsa-200703-04.xml

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Url: http://www.securityfocus.com/archive/1/461336/100/0/threaded

Url: ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

Url: http://www.securityfocus.com/archive/1/460217/100/0/threaded

Url: http://www.debian.org/security/2007/dsa-1336

Url: http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

Url: http://www.redhat.com/support/errata/RHSA-2007-0078.html

Url: http://secunia.com/advisories/24457

Url: http://www.vupen.com/english/advisories/2007/0718

Url: http://secunia.com/advisories/24650

Url: http://www.redhat.com/support/errata/RHSA-2007-0097.html

Url: http://secunia.com/advisories/24175

Url: http://secunia.com/advisories/25588

Url: http://secunia.com/advisories/24455

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/32533

Url: http://securityreason.com/securityalert/2262

Url: http://secunia.com/advisories/24333

Url: http://www.securityfocus.com/archive/1/460126/100/200/threaded

Url: http://secunia.com/advisories/24393

Url: http://fedoranews.org/cms/node/2728

Url: https://issues.rpath.com/browse/RPL-1103

Url: ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

Url: http://www.vupen.com/english/advisories/2008/0083

Url: http://www.mozilla.org/security/announce/2007/mfsa2007-07.html

Url: http://www.vupen.com/english/advisories/2007/0624

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-0981

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

Url: http://secunia.com/advisories/24342

Url: http://www.redhat.com/support/errata/RHSA-2007-0079.html

Url: http://secunia.com/advisories/24384

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

Url: http://secunia.com/advisories/24343

Url: http://www.securityfocus.com/bid/22566

Url: http://fedoranews.org/cms/node/2713

Url: http://www.kb.cert.org/vuls/id/885753

Url: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

Url: http://securitytracker.com/id?1017654

Url: http://secunia.com/advisories/24437

Url: http://secunia.com/advisories/24238

Url: http://rhn.redhat.com/errata/RHSA-2007-0077.html

Url: http://www.redhat.com/support/errata/RHSA-2007-0108.html

Url: http://lcamtuf.dione.cc/ffhostname.html

Url: http://secunia.com/advisories/24395

Url: https://www.mend.io/vulnerability-database/CVE-2007-0981

Severity Score

7.3

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us