Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 set the Referer header to the address of the window or frame in which a script is running, instead of the address of the content that initiated the script. This allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2007-11-26T23:00:00
Updated: 2024-08-07T15:47:00.536Z
Reserved: 2007-11-14T00:00:00
Link: CVE-2007-5960
NVD
Status: Modified
Published: 2007-11-26T23:46:00.000
Modified: 2024-11-21T00:39:02.963
Link: CVE-2007-5960