ID CVE-2007-3144
Summary Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:mozilla:1.7.12:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bid 24352
misc
osvdb 43466
xf multiple-basic-authentication-spoofing(34983)
statements via4
contributor Mark J Cox
lastmodified 2007-08-16
organization Red Hat
statement Not vulnerable. Mozilla is no longer shipped as part of any version of Red Hat Enterprise Linux. Mozilla was replaced in Red Hat Enterprise Linux by SeaMonkey, which is not affected by this issue.
Last major update 29-07-2017 - 01:32
Published 11-06-2007 - 18:30
Last modified 29-07-2017 - 01:32