National Cyber Awareness System

Vulnerability Summary for CVE-2007-1362

Overview

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA07-151A

Name: TA07-151A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA07-151A.html

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2007/mfsa2007-14.html

Type: Patch Information

Hyperlink:http://www.mozilla.org/security/announce/2007/mfsa2007-14.html

External Source: VUPEN

Name: ADV-2007-1994

Hyperlink:http://www.vupen.com/english/advisories/2007/1994

External Source: OVAL

Name: oval:org.mitre.oval:def:10759

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10759

External Source: OSVDB

Name: 35140

Hyperlink:http://osvdb.org/35140

External Source: HP

Name: HPSBUX02153

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-1424

Hyperlink:https://issues.rpath.com/browse/RPL-1424

External Source: XF

Name: mozilla-doccookie-dos(34613)

Hyperlink:http://xforce.iss.net/xforce/xfdb/34613

External Source: UBUNTU

Name: USN-468-1

Hyperlink:http://www.ubuntu.com/usn/usn-468-1

External Source: SECTRACK

Name: 1018163

Hyperlink:http://www.securitytracker.com/id?1018163

External Source: SECTRACK

Name: 1018162

Hyperlink:http://www.securitytracker.com/id?1018162

External Source: BID

Name: 24242

Hyperlink:http://www.securityfocus.com/bid/24242

External Source: BID

Name: 22879

Hyperlink:http://www.securityfocus.com/bid/22879

External Source: BUGTRAQ

Name: 20070531 FLEA-2007-0023-1: firefox

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/470172/100/200/threaded

External Source: REDHAT

Name: RHSA-2007:0402

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0402.html

External Source: REDHAT

Name: RHSA-2007:0401

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0401.html

External Source: REDHAT

Name: RHSA-2007:0400

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0400.html

External Source: OSVDB

Name: 35139

Hyperlink:http://www.osvdb.org/35139

External Source: SUSE

Name: SUSE-SA:2007:036

Hyperlink:http://www.novell.com/linux/security/advisories/2007_36_mozilla.html

External Source: MANDRIVA

Name: MDKSA-2007:126

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:126

External Source: MANDRIVA

Name: MDKSA-2007:120

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:120

External Source: DEBIAN

Name: DSA-1308

Hyperlink:http://www.debian.org/security/2007/dsa-1308

External Source: DEBIAN

Name: DSA-1306

Hyperlink:http://www.debian.org/security/2007/dsa-1306

External Source: DEBIAN

Name: DSA-1300

Hyperlink:http://www.debian.org/security/2007/dsa-1300

External Source: SLACKWARE

Name: SSA:2007-152-02

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857

External Source: GENTOO

Name: GLSA-200706-06

Hyperlink:http://security.gentoo.org/glsa/glsa-200706-06.xml

External Source: SECUNIA

Name: 25858

Hyperlink:http://secunia.com/advisories/25858

External Source: SECUNIA

Name: 25750

Hyperlink:http://secunia.com/advisories/25750

External Source: SECUNIA

Name: 25685

Hyperlink:http://secunia.com/advisories/25685

External Source: SECUNIA

Name: 25647

Hyperlink:http://secunia.com/advisories/25647

External Source: SECUNIA

Name: 25635

Hyperlink:http://secunia.com/advisories/25635

External Source: SECUNIA

Name: 25559

Hyperlink:http://secunia.com/advisories/25559

External Source: SECUNIA

Name: 25534

Hyperlink:http://secunia.com/advisories/25534

External Source: SECUNIA

Name: 25533

Hyperlink:http://secunia.com/advisories/25533

External Source: SECUNIA

Name: 25490

Hyperlink:http://secunia.com/advisories/25490

External Source: SECUNIA

Name: 25476

Hyperlink:http://secunia.com/advisories/25476

External Source: HP

Name: HPSBUX02153

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

References to Check Content

Identifier:oval:org.mitre.oval:def:10759

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10759