CVE-2007-0802

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 07-02-2007 12:28

Last modified: - 26-02-2022 05:06

Total changes: - 2

Description

Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

6.4

Base score

10.0

4.9

Exploitability score

Impact score

Verification logic

vendor=mozilla AND product=firefox AND version=2.0.0.1

vendor=opera AND product=opera_browser AND version=9.10

Reference

http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php
https://bugzilla.mozilla.org/show_bug.cgi?id=367538
33705-Broken Link
20070418 Firefox 2.0.0.3 Phishing Protection Bypass Vulnerability-Broken Link
20070206 Firefox 2.0.0.1 and Opera 9.10 Anty Fraud/Phishing Protection bypass.-Broken Link, Third Party Advisory, VDB Entry

Keywords

CVE-2007-0802

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2007-0802

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures