National Vulnerability Database (NVD) National Vulnerability Database (CVE-2007-0778)

National Cyber Awareness System

Vulnerability Summary for CVE-2007-0778

Original release date:02/26/2007

Last revised:03/08/2011

Source: US-CERT/NIST

Overview

The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:5.4 (MEDIUM) (AV:N/AC:H/Au:N/C:C/I:N/A:N) (legend)

Impact Subscore: 6.9

Exploitability Subscore: 4.9

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: High

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2007/mfsa2007-03.html

Type: Patch Information

Hyperlink:http://www.mozilla.org/security/announce/2007/mfsa2007-03.html

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-1103

Hyperlink:https://issues.rpath.com/browse/RPL-1103

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-1081

Hyperlink:https://issues.rpath.com/browse/RPL-1081

External Source: MISC

Name: https://bugzilla.mozilla.org/show_bug.cgi?id=347852

Hyperlink:https://bugzilla.mozilla.org/show_bug.cgi?id=347852

External Source: XF

Name: mozilla-diskcache-information-disclosure(32671)

Hyperlink:http://xforce.iss.net/xforce/xfdb/32671

External Source: VUPEN

Name: ADV-2008-0083

Hyperlink:http://www.vupen.com/english/advisories/2008/0083

External Source: VUPEN

Name: ADV-2007-0718

Hyperlink:http://www.vupen.com/english/advisories/2007/0718

External Source: UBUNTU

Name: USN-428-1

Hyperlink:http://www.ubuntu.com/usn/usn-428-1

External Source: BID

Name: 22694

Hyperlink:http://www.securityfocus.com/bid/22694

External Source: BUGTRAQ

Name: 20070303 rPSA-2007-0040-3 firefox thunderbird

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/461809/100/0/threaded

External Source: BUGTRAQ

Name: 20070226 rPSA-2007-0040-1 firefox

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/461336/100/0/threaded

External Source: REDHAT

Name: RHSA-2007:0108

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0108.html

External Source: REDHAT

Name: RHSA-2007:0097

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0097.html

External Source: REDHAT

Name: RHSA-2007:0079

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0079.html

External Source: REDHAT

Name: RHSA-2007:0078

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0078.html

External Source: OSVDB

Name: 32110

Hyperlink:http://www.osvdb.org/32110

External Source: GENTOO

Name: GLSA-200703-08

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

External Source: SECTRACK

Name: 1017699

Hyperlink:http://securitytracker.com/id?1017699

External Source: GENTOO

Name: GLSA-200703-04

Hyperlink:http://security.gentoo.org/glsa/glsa-200703-04.xml

External Source: SECUNIA

Name: 24650

Type: Advisory

Hyperlink:http://secunia.com/advisories/24650

External Source: SECUNIA

Name: 24437

Type: Advisory

Hyperlink:http://secunia.com/advisories/24437

External Source: SECUNIA

Name: 24395

Type: Advisory

Hyperlink:http://secunia.com/advisories/24395

External Source: SECUNIA

Name: 24393

Type: Advisory

Hyperlink:http://secunia.com/advisories/24393

External Source: SECUNIA

Name: 24384

Type: Advisory

Hyperlink:http://secunia.com/advisories/24384

External Source: SECUNIA

Name: 24343

Type: Advisory

Hyperlink:http://secunia.com/advisories/24343

External Source: SECUNIA

Name: 24333

Type: Advisory

Hyperlink:http://secunia.com/advisories/24333

External Source: SECUNIA

Name: 24328

Type: Advisory

Hyperlink:http://secunia.com/advisories/24328

External Source: SECUNIA

Name: 24320

Type: Advisory

Hyperlink:http://secunia.com/advisories/24320

External Source: SECUNIA

Name: 24293

Type: Advisory

Hyperlink:http://secunia.com/advisories/24293

External Source: SECUNIA

Name: 24290

Type: Advisory

Hyperlink:http://secunia.com/advisories/24290

External Source: SECUNIA

Name: 24287

Type: Advisory

Hyperlink:http://secunia.com/advisories/24287

External Source: SECUNIA

Name: 24238

Type: Advisory

Hyperlink:http://secunia.com/advisories/24238

External Source: SECUNIA

Name: 24205

Type: Advisory

Hyperlink:http://secunia.com/advisories/24205

External Source: REDHAT

Name: RHSA-2007:0077

Hyperlink:http://rhn.redhat.com/errata/RHSA-2007-0077.html

External Source: OVAL

Name: oval:org.mitre.oval:def:9151

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9151

External Source: SUSE

Name: SUSE-SA:2007:019

Hyperlink:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

External Source: HP

Name: SSRT061181

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

External Source: FEDORA

Name: FEDORA-2007-293

Hyperlink:http://fedoranews.org/cms/node/2728

External Source: FEDORA

Name: FEDORA-2007-281

Hyperlink:http://fedoranews.org/cms/node/2713

External Source: SGI

Name: 20070301-01-P

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

External Source: SUSE

Name: SUSE-SA:2007:022

Hyperlink:http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

External Source: MANDRIVA

Name: MDKSA-2007:050

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

External Source: DEBIAN

Name: DSA-1336

Hyperlink:http://www.debian.org/security/2007/dsa-1336

External Source: SLACKWARE

Name: SSA:2007-066-03

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

External Source: SLACKWARE

Name: SSA:2007-066-05

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

External Source: SECUNIA

Name: 25588

Hyperlink:http://secunia.com/advisories/25588

External Source: SECUNIA

Name: 24457

Hyperlink:http://secunia.com/advisories/24457

External Source: SECUNIA

Name: 24455

Hyperlink:http://secunia.com/advisories/24455

External Source: SECUNIA

Name: 24342

Hyperlink:http://secunia.com/advisories/24342

External Source: HP

Name: HPSBUX02153

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

External Source: SGI

Name: 20070202-01-P

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

References to Check Content

Identifier:oval:org.mitre.oval:def:9151

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9151

Vulnerable software and versions

Configuration 1

* cpe:/a:mozilla:firefox:1.5.0.9 and previous versions

* cpe:/a:mozilla:firefox:2.0.0.1 and previous versions

* cpe:/a:mozilla:seamonkey:1.0.7 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778