Vulnerability DatabaseCVE-2007-4879
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2007-4879
September 13, 2007
Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.
Related Resources (28)
http://www.vupen.com/english/advisories/2008/1793/references
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
http://www.securityfocus.com/bid/28448
http://www.securitytracker.com/id?1019704
http://www.debian.org/security/2008/dsa-1532
http://www.debian.org/security/2008/dsa-1534
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html
http://secunia.com/advisories/29541
http://secunia.com/advisories/30620
http://www.mandriva.com/security/advisories?name=MDVSA-2008:080
https://bugzilla.mozilla.org/show_bug.cgi?id=395399
http://www.mozilla.org/security/announce/2008/mfsa2008-17.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128
http://www.ubuntu.com/usn/usn-592-1
http://secunia.com/advisories/29547
http://www.vupen.com/english/advisories/2008/0998/references
http://www.debian.org/security/2008/dsa-1535
http://secunia.com/advisories/29645
http://secunia.com/advisories/29539
http://secunia.com/advisories/29560
http://secunia.com/advisories/29526
http://www.us-cert.gov/cas/techalerts/TA08-087A.html
http://0x90.eu/ff_tls_poc.html
http://secunia.com/advisories/29616
http://www.securityfocus.com/archive/1/490196/100/0/threaded
http://secunia.com/advisories/29558
http://secunia.com/advisories/30327
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
CVSS v2
Base Score:
5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
EPSS
Base Score:
1.52