CVE-2007-5337

 

Published at: - 21-10-2007 10:17

Last modified: - 23-01-2023 07:44

Total changes: - 9

Description

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:N/A:N

 

Verification logic

 

Reference

• https://bugzilla.mozilla.org/show_bug.cgi?id=381146
• http://www.mozilla.org/security/announce/2007/mfsa2007-34.html
• https://issues.rpath.com/browse/RPL-1858
• http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
• DSA-1396-
• DSA-1401-
• DSA-1392-
• FEDORA-2007-2601-
• FEDORA-2007-2664-
• GLSA-200711-14-
• MDKSA-2007:202-
• RHSA-2007:0979-
• RHSA-2007:0980-
• RHSA-2007:0981-
• SUSE-SA:2007:057-
• USN-536-1-
• 26132-
• 1018837-
• 27276-
• 27325-
• 27327-
• 27335-
• 27356-
• 27383-
• 27425-
• 27403-
• 27480-
• 27387-
• 27298-
• 27336-
• 27665-
• 27414-
• FEDORA-2007-3431-
• 27680-
• 27360-
• 28398-
• 201516-
• ADV-2008-0083-
• ADV-2007-3544-
• HPSBUX02153-
• ADV-2007-3587-
• mozilla-sftp-file-access(37287)-
• oval:org.mitre.oval:def:11443-
• USN-535-1-
• 20071029 rPSA-2007-0225-2 firefox thunderbird-
• 20071029 FLEA-2007-0062-1 firefox-
• 20071026 rPSA-2007-0225-1 firefox-

 

Keywords

NVD

 

CVE-2007-5337

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures