CVE-2007-0802

Sažetak

Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.

Reference

http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php
https://bugzilla.mozilla.org/show_bug.cgi?id=367538
http://osvdb.org/33705
http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0516.html
http://www.securityfocus.com/archive/1/459265/100/0/threaded

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

26-02-2022 - 04:06

Objavljeno

07-02-2007 - 11:28