CVE-2007-5896 - Vulnerability Details - OpenCVE

Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/45296
http://www.0x000000.com/index.php?i=467&bin=111010011
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2007-11/msg00094.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/38233

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-08T20:00:00

Updated: 2024-08-07T15:47:00.521Z

Reserved: 2007-11-08T00:00:00

Link: CVE-2007-5896

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-11-08T20:46:00.000

Modified: 2024-11-21T00:38:53.650

Link: CVE-2007-5896

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-02T00:00:00", "descriptions": [{"lang": "en", "value": "Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\\x00) and a (1) res://, (2) about:config, or (3) file:/// URI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "45296", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/45296"}, {"tags": ["x_refsource_MISC"], "url": "http://www.0x000000.com/index.php?i=467&bin=111010011"}, {"name": "firefox-iframe-javascript-dos(38233)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38233"}, {"name": "20071102 Firefox 2.0.0.9 remote DoS vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2007-11/msg00094.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5896", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\\x00) and a (1) res://, (2) about:config, or (3) file:/// URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "45296", "refsource": "OSVDB", "url": "http://osvdb.org/45296"}, {"name": "http://www.0x000000.com/index.php?i=467&bin=111010011", "refsource": "MISC", "url": "http://www.0x000000.com/index.php?i=467&bin=111010011"}, {"name": "firefox-iframe-javascript-dos(38233)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38233"}, {"name": "20071102 Firefox 2.0.0.9 remote DoS vulnerability", "refsource": "FULLDISC", "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2007-11/msg00094.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:47:00.521Z"}, "title": "CVE Program Container", "references": [{"name": "45296", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/45296"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.0x000000.com/index.php?i=467&bin=111010011"}, {"name": "firefox-iframe-javascript-dos(38233)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38233"}, {"name": "20071102 Firefox 2.0.0.9 remote DoS vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2007-11/msg00094.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5896", "datePublished": "2007-11-08T20:00:00", "dateReserved": "2007-11-08T00:00:00", "dateUpdated": "2024-08-07T15:47:00.521Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "43A13026-416F-4308-8A1B-E989BD769E12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\\x00) and a (1) res://, (2) about:config, or (3) file:/// URI."}, {"lang": "es", "value": "Mozilla Firefox 2.0.0.9 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU y ca\u00edda) mediante un iframe con Javascript que establece el document.location para que contenga un byte importante NULL (\\x00) y un URI (1) res://, (2) about:config, o (3) file:///."}], "id": "CVE-2007-5896", "lastModified": "2024-11-21T00:38:53.650", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-11-08T20:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/45296"}, {"source": "cve@mitre.org", "url": "http://www.0x000000.com/index.php?i=467&bin=111010011"}, {"source": "cve@mitre.org", "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2007-11/msg00094.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38233"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/45296"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.0x000000.com/index.php?i=467&bin=111010011"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2007-11/msg00094.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38233"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat does not consider this flaw a security issue. This flaw is not exploitable and can only cause a client to stop responding or crash.", "lastModified": "2007-11-19T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}