Upstream information
CVE-2007-5960 at MITRE
Description
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.
NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Novell/SUSE information
Novell Bugzilla entry:
341591
SUSE Security Advisories:
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
| SUSE LINUX 10.0 | mozilla >= 1.8_seamonkey_1.0.9-2.9mozilla-calendar >= 1.8_seamonkey_1.0.9-2.9mozilla-devel >= 1.8_seamonkey_1.0.9-2.9mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-2.9mozilla-irc >= 1.8_seamonkey_1.0.9-2.9mozilla-ko >= 1.75-3.6mozilla-mail >= 1.8_seamonkey_1.0.9-2.9mozilla-spellchecker >= 1.8_seamonkey_1.0.9-2.9mozilla-venkman >= 1.8_seamonkey_1.0.9-2.9mozilla-zh-CN >= 1.7-6.6mozilla-zh-TW >= 1.7-6.6
| |
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0 | mozilla >= 1.8_seamonkey_1.0.9-0.18mozilla-calendar >= 1.8_seamonkey_1.0.9-0.18mozilla-devel >= 1.8_seamonkey_1.0.9-0.18mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-0.18mozilla-irc >= 1.8_seamonkey_1.0.9-0.18mozilla-mail >= 1.8_seamonkey_1.0.9-0.18mozilla-spellchecker >= 1.8_seamonkey_1.0.9-0.18mozilla-venkman >= 1.8_seamonkey_1.0.9-0.18mozilla-xmlterm >= 1.8_seamonkey_1.0.9-0.18
| ul1.s390
slrs8.x86
YOU Patch Nr: 12007 |
| Novell Linux Desktop 9 for x86 | mozilla >= 1.8_seamonkey_1.0.9-1.8mozilla-cs >= 1.8_seamonkey_1.0.4-0.8mozilla-deat >= 1.8_seamonkey_1.0.4-0.8mozilla-devel >= 1.8_seamonkey_1.0.9-1.8mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.8mozilla-hu >= 1.80_seamonkey_1.0.4-6mozilla-irc >= 1.8_seamonkey_1.0.9-1.8mozilla-mail >= 1.8_seamonkey_1.0.9-1.8mozilla-venkman >= 1.8_seamonkey_1.0.9-1.8
| core9.s390
core9.x86
YOU Patch Nr: 12008 |
| Novell Linux Desktop 9 for x86_64 | mozilla >= 1.8_seamonkey_1.0.9-1.8mozilla-cs >= 1.8_seamonkey_1.0.4-0.8mozilla-deat >= 1.8_seamonkey_1.0.4-0.8mozilla-devel >= 1.8_seamonkey_1.0.9-1.8mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.8mozilla-hu >= 1.80_seamonkey_1.0.4-6mozilla-irc >= 1.8_seamonkey_1.0.9-1.8mozilla-lib64 >= 1.8_seamonkey_1.0.9-0.3mozilla-mail >= 1.8_seamonkey_1.0.9-1.8mozilla-venkman >= 1.8_seamonkey_1.0.9-1.8
| core9.s390
core9.x86
YOU Patch Nr: 12008 |
| Open Enterprise Server | mozilla >= 1.8_seamonkey_1.0.9-1.8mozilla-calendar >= 1.8_seamonkey_1.0.9-1.8mozilla-cs >= 1.8_seamonkey_1.0.4-0.8mozilla-deat >= 1.8_seamonkey_1.0.4-0.8mozilla-devel >= 1.8_seamonkey_1.0.9-1.8mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.8mozilla-hu >= 1.80_seamonkey_1.0.4-6mozilla-irc >= 1.8_seamonkey_1.0.9-1.8mozilla-mail >= 1.8_seamonkey_1.0.9-1.8mozilla-venkman >= 1.8_seamonkey_1.0.9-1.8
| core9.s390
core9.x86
YOU Patch Nr: 12008 |
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64 | MozillaFirefox >= 1.5.0.12-0.7MozillaFirefox-translations >= 1.5.0.12-0.7
| Builds
YOU Patch Nr: 12005 |
| SUSE LINUX 10.1 | seamonkey >= 1.0.9-1.7seamonkey-calendar >= 1.0.9-1.7seamonkey-dom-inspector >= 1.0.9-1.7seamonkey-irc >= 1.0.9-1.7seamonkey-mail >= 1.0.9-1.7seamonkey-spellchecker >= 1.0.9-1.7seamonkey-venkman >= 1.0.9-1.7
| |
| SUSE LINUX 10.0 | MozillaFirefox >= 2.0.0.10-0.1MozillaFirefox-translations >= 2.0.0.10-0.1
| |
| SUSE LINUX 10.1 | MozillaFirefox >= 2.0.0.10-0.2MozillaFirefox-translations >= 2.0.0.10-0.2
| |
