Mozilla Firefox 1.5.0.12/2.0.0.4/2.0.0.5/2.0.0.6/2.0.0.7 File Upload cross site scripting
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
3.9 | $0-$5k | 0.00 |
A vulnerability has been found in Mozilla Firefox 1.5.0.12/2.0.0.4/2.0.0.5/2.0.0.6/2.0.0.7 (Web Browser) and classified as problematic. This vulnerability affects an unknown code block of the component File Upload. The manipulation with an unknown input leads to a cross site scripting vulnerability. The CWE definition for the vulnerability is CWE-80. The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. As an impact it is known to affect integrity. CVE summarizes:
The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.
The bug was discovered 06/30/2007. The weakness was presented 06/30/2007 (Website). The advisory is shared for download at redhat.com. This vulnerability was named CVE-2007-3511 since 07/02/2007. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1059.007.
It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 27540 (CentOS 4 / 5 : firefox (CESA-2007:0979)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CentOS Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 156031 (Oracle Enterprise Linux Update for Firefox (ELSA-2007-0979)).
Upgrading to version 1.0.4 eliminates this vulnerability. A possible mitigation has been published 4 months after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (35299) and Tenable (27540). See 2297, 2296, 2298 and 3404 for similar entries.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.3VulDB Meta Temp Score: 3.9
VulDB Base Score: 4.3
VulDB Temp Score: 3.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cross site scriptingCWE: CWE-80 / CWE-74 / CWE-707
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 27540
Nessus Name: CentOS 4 / 5 : firefox (CESA-2007:0979)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 58689
OpenVAS Name: Debian Security Advisory DSA 1392-1 (xulrunner)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Firefox 1.0.4
PaloAlto IPS: 🔍
Timeline
06/30/2007 🔍06/30/2007 🔍
07/02/2007 🔍
07/02/2007 🔍
07/02/2007 🔍
07/02/2007 🔍
07/03/2007 🔍
07/03/2007 🔍
10/19/2007 🔍
10/20/2007 🔍
10/25/2007 🔍
10/28/2007 🔍
03/15/2015 🔍
07/29/2019 🔍
Sources
Vendor: mozilla.orgProduct: mozilla.org
Advisory: redhat.com
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2007-3511 (🔍)
OVAL: 🔍
X-Force: 35299
SecurityTracker: 1018837
Vulnerability Center: 16675 - Mozilla Firefox 1.5.0.12 and 2.0.0.4 Remote Field Focus Manipulation and Keystrokes Logging, Medium
SecurityFocus: 24725 - Mozilla Firefox OnKeyDown Event File Upload Vulnerability
Secunia: 25904
OSVDB: 37994 - Mozilla Multiple Browsers onkeydown Event Window Focus Manipulation
Vupen: ADV-2007-3544
See also: 🔍
Entry
Created: 03/15/2015 15:58Updated: 07/29/2019 10:36
Changes: 03/15/2015 15:58 (90), 07/29/2019 10:36 (2)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.