New Search

Mozilla based browsers including Firefox before 1.5.0.10 and 2.x before 2.0.0.2 and SeaMonkey before 1.0.8 allow remote attackers to bypass the same origin policy steal cookies and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property due to interactions with DNS resolver code.

oval:org.mitre.oval:def:9730

Mozilla based browsers including Firefox before 1.5.0.10 and 2.x before 2.0.0.2 and SeaMonkey before 1.0.8 allow remote attackers to bypass the same origin policy steal cookies and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property due to interactions with DNS resolver code.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 4
  • CentOS Linux 3
  • Red Hat Enterprise Linux 5
  • Oracle Linux 5
  • Red Hat Enterprise Linux 3
  • Oracle Linux 4
  • Red Hat Enterprise Linux 4
  • CentOS Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2007-0981
Product(s):