Home > Vulnerability Database > CVE-2007-3656

Mend.io Vulnerability Database

CVE-2007-3656

Date: July 10, 2007

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.

Severity Score

5.6

Related Resources (48)

Url: http://secunia.com/advisories/26072

Url: http://www.securityfocus.com/bid/24831

Url: https://access.redhat.com/security/cve/CVE-2007-3656

Url: http://www.securityfocus.com/archive/1/474226/100/0/threaded

Url: http://www.mozilla.org/security/announce/2007/mfsa2007-24.html

Url: http://secunia.com/advisories/26151

Url: http://secunia.com/advisories/26271

Url: http://www.vupen.com/english/advisories/2007/4256

Url: http://www.securityfocus.com/archive/1/473191/100/0/threaded

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=387333

Url: http://lcamtuf.coredump.cx/ffcache/

Url: http://securityreason.com/securityalert/2872

Url: http://secunia.com/advisories/26107

Url: http://osvdb.org/38028

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-3656

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:152

Url: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt

Url: http://secunia.com/advisories/25990

Url: http://secunia.com/advisories/26205

Url: http://secunia.com/advisories/26149

Url: http://secunia.com/advisories/26204

Url: http://secunia.com/advisories/26103

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Url: http://www.securitytracker.com/id?1018411

Url: http://www.debian.org/security/2007/dsa-1339

Url: http://www.debian.org/security/2007/dsa-1338

Url: http://www.securityfocus.com/archive/1/474542/100/0/threaded

Url: http://secunia.com/advisories/26460

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/35298

Url: http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml

Url: http://www.ubuntu.com/usn/usn-490-1

Url: http://www.debian.org/security/2007/dsa-1337

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1

Url: http://www.redhat.com/support/errata/RHSA-2007-0722.html

Url: ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9105

Url: http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html

Url: http://www.redhat.com/support/errata/RHSA-2007-0724.html

Url: http://secunia.com/advisories/26179

Url: http://secunia.com/advisories/26211

Url: http://www.novell.com/linux/security/advisories/2007_49_mozilla.html

Url: http://secunia.com/advisories/26216

Url: http://secunia.com/advisories/25589

Url: http://secunia.com/advisories/28135

Url: http://secunia.com/advisories/26159

Url: http://secunia.com/advisories/26258

Url: https://www.mend.io/vulnerability-database/CVE-2007-3656

Severity Score

5.6

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-3656

Date: July 10, 2007

Severity Score

Related Resources (48)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?