Novell Home

CVE-2007-5960

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2007-5960 at MITRE

Description

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 341591

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 10.0
  • mozilla >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-calendar >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-devel >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-irc >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-ko >= 1.75-3.6
  • mozilla-mail >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-spellchecker >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-venkman >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-zh-CN >= 1.7-6.6
  • mozilla-zh-TW >= 1.7-6.6
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • mozilla >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-calendar >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-devel >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-irc >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-mail >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-spellchecker >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-venkman >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-xmlterm >= 1.8_seamonkey_1.0.9-0.18
ul1.s390
slrs8.x86
YOU Patch Nr: 12007
Novell Linux Desktop 9 for x86
  • mozilla >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-cs >= 1.8_seamonkey_1.0.4-0.8
  • mozilla-deat >= 1.8_seamonkey_1.0.4-0.8
  • mozilla-devel >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-hu >= 1.80_seamonkey_1.0.4-6
  • mozilla-irc >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-mail >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-venkman >= 1.8_seamonkey_1.0.9-1.8
core9.s390
core9.x86
YOU Patch Nr: 12008
Novell Linux Desktop 9 for x86_64
  • mozilla >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-cs >= 1.8_seamonkey_1.0.4-0.8
  • mozilla-deat >= 1.8_seamonkey_1.0.4-0.8
  • mozilla-devel >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-hu >= 1.80_seamonkey_1.0.4-6
  • mozilla-irc >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-lib64 >= 1.8_seamonkey_1.0.9-0.3
  • mozilla-mail >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-venkman >= 1.8_seamonkey_1.0.9-1.8
core9.s390
core9.x86
YOU Patch Nr: 12008
Open Enterprise Server
  • mozilla >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-calendar >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-cs >= 1.8_seamonkey_1.0.4-0.8
  • mozilla-deat >= 1.8_seamonkey_1.0.4-0.8
  • mozilla-devel >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-hu >= 1.80_seamonkey_1.0.4-6
  • mozilla-irc >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-mail >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-venkman >= 1.8_seamonkey_1.0.9-1.8
core9.s390
core9.x86
YOU Patch Nr: 12008
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • MozillaFirefox >= 1.5.0.12-0.7
  • MozillaFirefox-translations >= 1.5.0.12-0.7
Builds
YOU Patch Nr: 12005
SUSE LINUX 10.1
  • seamonkey >= 1.0.9-1.7
  • seamonkey-calendar >= 1.0.9-1.7
  • seamonkey-dom-inspector >= 1.0.9-1.7
  • seamonkey-irc >= 1.0.9-1.7
  • seamonkey-mail >= 1.0.9-1.7
  • seamonkey-spellchecker >= 1.0.9-1.7
  • seamonkey-venkman >= 1.0.9-1.7
SUSE LINUX 10.0
  • MozillaFirefox >= 2.0.0.10-0.1
  • MozillaFirefox-translations >= 2.0.0.10-0.1
SUSE LINUX 10.1
  • MozillaFirefox >= 2.0.0.10-0.2
  • MozillaFirefox-translations >= 2.0.0.10-0.2

© 2014 Novell