Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-5337

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-21 Oct, 2007 | 20:00
Updated At-07 Aug, 2024 | 15:24
Rejected At-
Credits

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:21 Oct, 2007 | 20:00
Updated At:07 Aug, 2024 | 15:24
Rejected At:
▼CVE Numbering Authority (CNA)

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
vendor-advisory
x_refsource_FEDORA
http://www.securityfocus.com/archive/1/482876/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/37287
vdb-entry
x_refsource_XF
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443
vdb-entry
signature
x_refsource_OVAL
http://www.vupen.com/english/advisories/2007/3587
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/27414
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/482925/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://issues.rpath.com/browse/RPL-1858
x_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/27360
third-party-advisory
x_refsource_SECUNIA
http://www.mozilla.org/security/announce/2007/mfsa2007-34.html
x_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/27298
third-party-advisory
x_refsource_SECUNIA
http://securitytracker.com/id?1018837
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/27327
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/3544
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/27276
third-party-advisory
x_refsource_SECUNIA
https://usn.ubuntu.com/535-1/
vendor-advisory
x_refsource_UBUNTU
http://www.debian.org/security/2007/dsa-1401
vendor-advisory
x_refsource_DEBIAN
http://www.debian.org/security/2007/dsa-1392
vendor-advisory
x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2007-0980.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/27383
third-party-advisory
x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
vendor-advisory
x_refsource_SUSE
https://bugzilla.mozilla.org/show_bug.cgi?id=381146
x_refsource_MISC
http://secunia.com/advisories/27356
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-0981.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2008/0083
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/27387
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/27403
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/27336
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2007/dsa-1396
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/27425
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/28398
third-party-advisory
x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/27325
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/27665
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-0979.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/27335
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/27480
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/27680
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/26132
vdb-entry
x_refsource_BID
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
vendor-advisory
x_refsource_SUNALERT
http://www.securityfocus.com/archive/1/482932/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.ubuntu.com/usn/usn-536-1
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.securityfocus.com/archive/1/482876/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/37287
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.vupen.com/english/advisories/2007/3587
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/27414
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/482925/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://issues.rpath.com/browse/RPL-1858
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/27360
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mozilla.org/security/announce/2007/mfsa2007-34.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/27298
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://securitytracker.com/id?1018837
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/27327
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2007/3544
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/27276
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://usn.ubuntu.com/535-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.debian.org/security/2007/dsa-1401
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.debian.org/security/2007/dsa-1392
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0980.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/27383
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=381146
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/27356
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0981.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vupen.com/english/advisories/2008/0083
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/27387
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/27403
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/27336
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2007/dsa-1396
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/27425
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/28398
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/27325
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/27665
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0979.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/27335
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/27480
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/27680
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/26132
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.securityfocus.com/archive/1/482932/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.ubuntu.com/usn/usn-536-1
Resource:
vendor-advisory
x_refsource_UBUNTU
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.securityfocus.com/archive/1/482876/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/37287
vdb-entry
x_refsource_XF
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.vupen.com/english/advisories/2007/3587
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/27414
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/482925/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://issues.rpath.com/browse/RPL-1858
x_refsource_CONFIRM
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/27360
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mozilla.org/security/announce/2007/mfsa2007-34.html
x_refsource_CONFIRM
x_transferred
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/27298
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://securitytracker.com/id?1018837
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/27327
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2007/3544
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/27276
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://usn.ubuntu.com/535-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.debian.org/security/2007/dsa-1401
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.debian.org/security/2007/dsa-1392
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.redhat.com/support/errata/RHSA-2007-0980.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/27383
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=381146
x_refsource_MISC
x_transferred
http://secunia.com/advisories/27356
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2007-0981.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vupen.com/english/advisories/2008/0083
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/27387
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/27403
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/27336
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2007/dsa-1396
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/27425
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/28398
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/27325
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/27665
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2007-0979.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/27335
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/27480
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/27680
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/26132
vdb-entry
x_refsource_BID
x_transferred
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
x_refsource_CONFIRM
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.securityfocus.com/archive/1/482932/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.ubuntu.com/usn/usn-536-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/482876/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/37287
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/3587
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/27414
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/482925/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-1858
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/27360
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2007/mfsa2007-34.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/27298
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://securitytracker.com/id?1018837
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/27327
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/3544
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/27276
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://usn.ubuntu.com/535-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.debian.org/security/2007/dsa-1401
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.debian.org/security/2007/dsa-1392
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0980.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/27383
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=381146
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/27356
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0981.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/0083
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/27387
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/27403
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/27336
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2007/dsa-1396
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/27425
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/28398
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/27325
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/27665
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0979.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/27335
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/27480
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/27680
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/26132
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/482932/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-536-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:21 Oct, 2007 | 20:17
Updated At:15 Oct, 2018 | 21:43

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches

Linux Kernel Organization, Inc
linux
>>linux_kernel>>*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
The GNOME Project
gnome
>>gnome-vfs>>*
cpe:2.3:a:gnome:gnome-vfs:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions up to 2.0.0.7(inclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>Versions up to 1.1.4(inclusive)
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742secalert@redhat.com
N/A
http://secunia.com/advisories/27276secalert@redhat.com
N/A
http://secunia.com/advisories/27298secalert@redhat.com
N/A
http://secunia.com/advisories/27325secalert@redhat.com
N/A
http://secunia.com/advisories/27327secalert@redhat.com
N/A
http://secunia.com/advisories/27335secalert@redhat.com
N/A
http://secunia.com/advisories/27336secalert@redhat.com
N/A
http://secunia.com/advisories/27356secalert@redhat.com
N/A
http://secunia.com/advisories/27360secalert@redhat.com
N/A
http://secunia.com/advisories/27383secalert@redhat.com
N/A
http://secunia.com/advisories/27387secalert@redhat.com
N/A
http://secunia.com/advisories/27403secalert@redhat.com
N/A
http://secunia.com/advisories/27414secalert@redhat.com
N/A
http://secunia.com/advisories/27425secalert@redhat.com
N/A
http://secunia.com/advisories/27480secalert@redhat.com
N/A
http://secunia.com/advisories/27665secalert@redhat.com
N/A
http://secunia.com/advisories/27680secalert@redhat.com
N/A
http://secunia.com/advisories/28398secalert@redhat.com
N/A
http://securitytracker.com/id?1018837secalert@redhat.com
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1secalert@redhat.com
N/A
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.htmlsecalert@redhat.com
N/A
http://www.debian.org/security/2007/dsa-1392secalert@redhat.com
N/A
http://www.debian.org/security/2007/dsa-1396secalert@redhat.com
N/A
http://www.debian.org/security/2007/dsa-1401secalert@redhat.com
N/A
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xmlsecalert@redhat.com
N/A
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202secalert@redhat.com
N/A
http://www.mozilla.org/security/announce/2007/mfsa2007-34.htmlsecalert@redhat.com
Patch
http://www.novell.com/linux/security/advisories/2007_57_mozilla.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2007-0979.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2007-0980.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2007-0981.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/482876/100/200/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/482925/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/482932/100/200/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/26132secalert@redhat.com
N/A
http://www.ubuntu.com/usn/usn-536-1secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2007/3544secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2007/3587secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2008/0083secalert@redhat.com
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=381146secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/37287secalert@redhat.com
N/A
https://issues.rpath.com/browse/RPL-1858secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443secalert@redhat.com
N/A
https://usn.ubuntu.com/535-1/secalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.htmlsecalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.htmlsecalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.htmlsecalert@redhat.com
N/A
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27276
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27298
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27325
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27327
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27335
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27336
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27356
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27360
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27383
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27387
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27403
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27414
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27425
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27480
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27665
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27680
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/28398
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://securitytracker.com/id?1018837
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2007/dsa-1392
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2007/dsa-1396
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2007/dsa-1401
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2007/mfsa2007-34.html
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0979.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0980.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0981.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/482876/100/200/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/482925/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/482932/100/200/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/26132
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-536-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/3544
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/3587
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/0083
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=381146
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/37287
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-1858
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://usn.ubuntu.com/535-1/
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1827Records found

CVE-2021-45884
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.94%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 21:31
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916.

Action-Not Available
Vendor-braven/aLinux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-windowsmacosbravelinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7847
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.88% / 74.41%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverthunderbirddebian_linuxenterprise_linux_workstationenterprise_linux_ausenterprise_linux_eusenterprise_linux_desktopThunderbird
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5117
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.77% / 72.45%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncMicrosoft CorporationGoogle LLC
Product-chromelinux_kerneldebian_linuxwindowsGoogle Chrome prior to 61.0.3163.79 for Linux and Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-43536
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.40%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 21:20
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5384
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.80% / 73.18%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0792
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.94% / 75.22%
||
7 Day CHG~0.00%
Published-03 Apr, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0748
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.30%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktopenterprise_linux_server_auslinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxopensuseenterprise_linux_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-16541
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.87% / 85.74%
||
7 Day CHG~0.00%
Published-04 Nov, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

Action-Not Available
Vendor-torprojectn/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.
Product-enterprise_linux_desktoptorenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstationlinux_kernelenterprise_linux_serverdebian_linuxenterprise_linux_server_ausmacosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-6459
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.19%
||
7 Day CHG~0.00%
Published-01 Jan, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets.

Action-Not Available
Vendor-n/aIntel CorporationLinux Kernel Organization, Inc
Product-connmantizenn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8401
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.15% / 35.59%
||
7 Day CHG~0.00%
Published-12 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2006-2613
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.45% / 79.95%
||
7 Day CHG~0.00%
Published-26 May, 2006 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents.

Action-Not Available
Vendor-n/aMozilla CorporationNetscape (Yahoo Inc.)
Product-mozilla_suitenavigatorfirefoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-3976
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.78% / 72.66%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxenterprise_linux_eusenterprise_linux_workstationseamonkeylinux_enterprise_desktopfirefoxopensuseenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-4199
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.33%
||
7 Day CHG~0.00%
Published-16 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function calls containing private product names or private component names in certain circumstances involving custom-field visibility control, which allows remote attackers to obtain sensitive information by reading HTML source code.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-4168
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.79% / 72.87%
||
7 Day CHG~0.00%
Published-21 Aug, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site.

Action-Not Available
Vendor-n/aMicrosoft CorporationGoogle LLCAdobe Inc.Apple Inc.Linux Kernel Organization, Inc
Product-airandroidair_sdkflash_playerwindowsmac_os_xlinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-3975
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.92% / 75.06%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-4208
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 56.71%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationopenSUSE
Product-linux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxseamonkeythunderbirdlinux_enterprise_desktopfirefoxopensusen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-2038
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-1.36% / 79.39%
||
7 Day CHG~0.00%
Published-09 Jun, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationSUSEGoogle LLCAdobe Inc.Apple Inc.Red Hat, Inc.Linux Kernel Organization, IncopenSUSE
Product-airandroidenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_eusmacosflash_playerwindowsenterprise_linux_workstationopensuselinux_enterprise_desktoplinux_kernelenterprise_linux_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1712
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.36%
||
7 Day CHG~0.00%
Published-15 Apr, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-2598
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.46%
||
7 Day CHG~0.00%
Published-30 Jun, 2011 | 15:26
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8407
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.15% / 35.59%
||
7 Day CHG~0.00%
Published-12 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31802656.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2002-2436
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.22%
||
7 Day CHG~0.00%
Published-07 Dec, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-0654
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.70% / 71.17%
||
7 Day CHG~0.00%
Published-18 Feb, 2010 | 17:19
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-0648
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 62.28%
||
7 Day CHG~0.00%
Published-18 Feb, 2010 | 17:19
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-0593
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.81% / 73.20%
||
7 Day CHG~0.00%
Published-09 Feb, 2008 | 00:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-1835
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.51% / 80.42%
||
7 Day CHG~0.00%
Published-12 Jun, 2009 | 21:07
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-1311
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.87% / 74.23%
||
7 Day CHG~0.00%
Published-22 Apr, 2009 | 18:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0626
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 41.96%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0624
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 41.96%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0334
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.31%
||
7 Day CHG~0.00%
Published-08 Mar, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33245849. References: N-CVE-2017-0334.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0448
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.14%
||
7 Day CHG~0.00%
Published-08 Feb, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelandroidAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0336
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.31%
||
7 Day CHG~0.00%
Published-08 Mar, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33042679. References: N-CVE-2017-0336.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-9074
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.29% / 78.86%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8397
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.84%
||
7 Day CHG~0.00%
Published-12 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31385953. References: N-CVE-2016-8397.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7917
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5||MEDIUM
EPSS-0.16% / 37.57%
||
7 Day CHG~0.00%
Published-16 Nov, 2016 | 04:49
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8403
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.15% / 35.59%
||
7 Day CHG~0.00%
Published-12 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495348.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8404
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.15% / 35.59%
||
7 Day CHG~0.00%
Published-12 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496950.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelAndroid Kernel-3.10
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8402
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.15% / 35.59%
||
7 Day CHG~0.00%
Published-12 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495231.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8405
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.34% / 56.08%
||
7 Day CHG~0.00%
Published-12 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-5133
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.88% / 74.41%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8400
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-12 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: Kernel-3.18. Android ID: A-31251599. References: N-CVE-2016-8400.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8406
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.15% / 35.59%
||
7 Day CHG~0.00%
Published-12 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796940.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5260
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 67.60%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5288
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.46% / 63.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 00:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5282
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 62.99%
||
7 Day CHG~0.00%
Published-22 Sep, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5279
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 59.95%
||
7 Day CHG~0.00%
Published-22 Sep, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2830
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.52% / 65.94%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2813
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.68%
||
7 Day CHG~0.00%
Published-30 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780.

Action-Not Available
Vendor-n/aGoogle LLCMozilla Corporation
Product-firefoxandroidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1955
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.05%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.

Action-Not Available
Vendor-n/aMozilla CorporationNovellopenSUSE
Product-leapopensusefirefoxsuse_package_hub_for_suse_linux_enterprisen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2832
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.56% / 67.13%
||
7 Day CHG-0.01%
Published-13 Jun, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSECanonical Ltd.
Product-leapfirefoxopensuseubuntu_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-12374
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 62.19%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxthunderbirddebian_linuxenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbird
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 36
  • 37
  • Next
Details not found