CVE-2007-5960

Impact: Moderate
Public Date: 2007-11-26
CWE: CWE-352
Bugzilla: 394261: CVE-2007-5960 Mozilla Cross-site Request Forgery flaw

The MITRE CVE dictionary describes this issue as:

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

Find out more about CVE-2007-5960 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux Extended Update Support 4.5 (firefox) | RHSA-2007:1082 | 2007-11-26 |
| Red Hat Enterprise Linux 3 (seamonkey) | RHSA-2007:1084 | 2007-11-26 |
| Red Hat Enterprise Linux 2.1 (seamonkey) | RHSA-2007:1084 | 2007-11-26 |
| Red Hat Enterprise Linux Extended Update Support 4.5 (seamonkey) | RHSA-2007:1084 | 2007-11-26 |
| Red Hat Enterprise Linux 5 (thunderbird) | RHSA-2007:1083 | 2007-12-19 |
| Red Hat Enterprise Linux 5 (firefox) | RHSA-2007:1082 | 2007-11-26 |
| Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (thunderbird) | RHSA-2007:1083 | 2007-12-19 |
| Red Hat Enterprise Linux 4 (firefox) | RHSA-2007:1082 | 2007-11-26 |
| Red Hat Enterprise Linux 4 (thunderbird) | RHSA-2007:1083 | 2007-12-19 |
| Red Hat Enterprise Linux 4 (seamonkey) | RHSA-2007:1084 | 2007-11-26 |

CVE description copyright © 2017, The MITRE Corporation