JVN/CVE Demo: Cveinfos

CVE

Id: 24338
CVE No.: CVE-2007-0981
Status: Candidate
Description: Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
Phase: Assigned (20070215)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
239082	24338	CVE-2007-0981	BUGTRAQ:20070226 rPSA-2007-0040-1 firefox	View
239083	24338	CVE-2007-0981	URL:http://www.securityfocus.com/archive/1/archive/1/461336/100/0/threaded	View
239084	24338	CVE-2007-0981	BUGTRAQ:20070303 rPSA-2007-0040-3 firefox thunderbird	View
239085	24338	CVE-2007-0981	URL:http://www.securityfocus.com/archive/1/archive/1/461809/100/0/threaded	View
239086	24338	CVE-2007-0981	BUGTRAQ:20070214 Firefox: serious cookie stealing / same-domain bypass vulnerability	View
239087	24338	CVE-2007-0981	URL:http://www.securityfocus.com/archive/1/archive/1/460126/100/200/threaded	View
239088	24338	CVE-2007-0981	BUGTRAQ:20070215 Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability	View
239089	24338	CVE-2007-0981	URL:http://www.securityfocus.com/archive/1/460217/100/0/threaded	View
239090	24338	CVE-2007-0981	MISC:http://lcamtuf.dione.cc/ffhostname.html	View
239091	24338	CVE-2007-0981	CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=370445	View
239092	24338	CVE-2007-0981	CONFIRM:http://www.mozilla.org/security/announce/2007/mfsa2007-07.html	View
239093	24338	CVE-2007-0981	CONFIRM:https://issues.rpath.com/browse/RPL-1081	View
239094	24338	CVE-2007-0981	CONFIRM:https://issues.rpath.com/browse/RPL-1103	View
239095	24338	CVE-2007-0981	DEBIAN:DSA-1336	View
239096	24338	CVE-2007-0981	URL:http://www.debian.org/security/2007/dsa-1336	View
239097	24338	CVE-2007-0981	FEDORA:FEDORA-2007-281	View
239098	24338	CVE-2007-0981	URL:http://fedoranews.org/cms/node/2713	View
239099	24338	CVE-2007-0981	FEDORA:FEDORA-2007-293	View
239100	24338	CVE-2007-0981	URL:http://fedoranews.org/cms/node/2728	View
239101	24338	CVE-2007-0981	GENTOO:GLSA-200703-04	View
239102	24338	CVE-2007-0981	URL:http://security.gentoo.org/glsa/glsa-200703-04.xml	View
239103	24338	CVE-2007-0981	GENTOO:GLSA-200703-08	View
239104	24338	CVE-2007-0981	URL:http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml	View
239105	24338	CVE-2007-0981	HP:HPSBUX02153	View
239106	24338	CVE-2007-0981	URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	View
239107	24338	CVE-2007-0981	HP:SSRT061181	View
239108	24338	CVE-2007-0981	URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	View
239109	24338	CVE-2007-0981	MANDRIVA:MDKSA-2007:050	View
239110	24338	CVE-2007-0981	URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:050	View
239111	24338	CVE-2007-0981	REDHAT:RHSA-2007:0079	View
239112	24338	CVE-2007-0981	URL:http://www.redhat.com/support/errata/RHSA-2007-0079.html	View
239113	24338	CVE-2007-0981	REDHAT:RHSA-2007:0077	View
239114	24338	CVE-2007-0981	URL:http://rhn.redhat.com/errata/RHSA-2007-0077.html	View
239115	24338	CVE-2007-0981	REDHAT:RHSA-2007:0078	View
239116	24338	CVE-2007-0981	URL:http://www.redhat.com/support/errata/RHSA-2007-0078.html	View
239117	24338	CVE-2007-0981	REDHAT:RHSA-2007:0097	View
239118	24338	CVE-2007-0981	URL:http://www.redhat.com/support/errata/RHSA-2007-0097.html	View
239119	24338	CVE-2007-0981	REDHAT:RHSA-2007:0108	View
239120	24338	CVE-2007-0981	URL:http://www.redhat.com/support/errata/RHSA-2007-0108.html	View
239121	24338	CVE-2007-0981	SGI:20070301-01-P	View
239122	24338	CVE-2007-0981	URL:ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc	View
239123	24338	CVE-2007-0981	SGI:20070202-01-P	View
239124	24338	CVE-2007-0981	URL:ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc	View
239125	24338	CVE-2007-0981	SLACKWARE:SSA:2007-066-03	View
239126	24338	CVE-2007-0981	URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851	View
239127	24338	CVE-2007-0981	SLACKWARE:SSA:2007-066-05	View
239128	24338	CVE-2007-0981	URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131	View
239129	24338	CVE-2007-0981	SUSE:SUSE-SA:2007:019	View
239130	24338	CVE-2007-0981	URL:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html	View
239131	24338	CVE-2007-0981	SUSE:SUSE-SA:2007:022	View
239132	24338	CVE-2007-0981	URL:http://www.novell.com/linux/security/advisories/2007_22_mozilla.html	View
239133	24338	CVE-2007-0981	UBUNTU:USN-428-1	View
239134	24338	CVE-2007-0981	URL:http://www.ubuntu.com/usn/usn-428-1	View
239135	24338	CVE-2007-0981	CERT-VN:VU#885753	View
239136	24338	CVE-2007-0981	URL:http://www.kb.cert.org/vuls/id/885753	View
239137	24338	CVE-2007-0981	BID:22566	View
239138	24338	CVE-2007-0981	URL:http://www.securityfocus.com/bid/22566	View
239139	24338	CVE-2007-0981	OVAL:oval:org.mitre.oval:def:9730	View
239140	24338	CVE-2007-0981	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9730	View
239141	24338	CVE-2007-0981	VUPEN:ADV-2007-0624	View
239142	24338	CVE-2007-0981	URL:http://www.vupen.com/english/advisories/2007/0624	View
239143	24338	CVE-2007-0981	VUPEN:ADV-2007-0718	View
239144	24338	CVE-2007-0981	URL:http://www.vupen.com/english/advisories/2007/0718	View
239145	24338	CVE-2007-0981	VUPEN:ADV-2008-0083	View
239146	24338	CVE-2007-0981	URL:http://www.vupen.com/english/advisories/2008/0083	View
239147	24338	CVE-2007-0981	OSVDB:32104	View
239148	24338	CVE-2007-0981	URL:http://www.osvdb.org/32104	View
239149	24338	CVE-2007-0981	SECTRACK:1017654	View
239150	24338	CVE-2007-0981	URL:http://securitytracker.com/id?1017654	View
239151	24338	CVE-2007-0981	SECUNIA:24175	View
239152	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24175	View
239153	24338	CVE-2007-0981	SECUNIA:24238	View
239154	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24238	View
239155	24338	CVE-2007-0981	SECUNIA:24287	View
239156	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24287	View
239157	24338	CVE-2007-0981	SECUNIA:24290	View
239158	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24290	View
239159	24338	CVE-2007-0981	SECUNIA:24205	View
239160	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24205	View
239161	24338	CVE-2007-0981	SECUNIA:24328	View
239162	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24328	View
239163	24338	CVE-2007-0981	SECUNIA:24333	View
239164	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24333	View
239165	24338	CVE-2007-0981	SECUNIA:24343	View
239166	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24343	View
239167	24338	CVE-2007-0981	SECUNIA:24320	View
239168	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24320	View
239169	24338	CVE-2007-0981	SECUNIA:24293	View
239170	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24293	View
239171	24338	CVE-2007-0981	SECUNIA:24393	View
239172	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24393	View
239173	24338	CVE-2007-0981	SECUNIA:24395	View
239174	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24395	View
239175	24338	CVE-2007-0981	SECUNIA:24384	View
239176	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24384	View
239177	24338	CVE-2007-0981	SECUNIA:24437	View
239178	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24437	View
239179	24338	CVE-2007-0981	SECUNIA:24650	View
239180	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24650	View
239181	24338	CVE-2007-0981	SECUNIA:24455	View
239182	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24455	View
239183	24338	CVE-2007-0981	SECUNIA:24457	View
239184	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24457	View
239185	24338	CVE-2007-0981	SECUNIA:24342	View
239186	24338	CVE-2007-0981	URL:http://secunia.com/advisories/24342	View
239187	24338	CVE-2007-0981	SECUNIA:25588	View
239188	24338	CVE-2007-0981	URL:http://secunia.com/advisories/25588	View
239189	24338	CVE-2007-0981	SREASON:2262	View
239190	24338	CVE-2007-0981	URL:http://securityreason.com/securityalert/2262	View
239191	24338	CVE-2007-0981	XF:firefox-locationhostname-security-bypass(32533)	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
52888	JVNDB-2007-001580	AT Contenator の _admin/nav.php における PHP リモートファイルインクルージョンの脆弱性	AT Contenator の _admin/nav.php には、PHP リモートファイルインクルージョンの脆弱性が存在します。	CVE-2007-0983	24338	6.8		http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001580.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.43 MB
View render complete	3.01 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.90
Event: Controller.initialize	0.02
Event: Controller.startup	0.07
Controller action	407.94
Event: Controller.beforeRender	4.68
» Processing toolbar data	4.60
Rendering View	30.34
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	29.34
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.55
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.09
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/24338
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/24338
Remote Port	40097
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.111
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.211.250
Http Via	1.1 squid-proxy-5b5d847c96-knn9n (squid/6.13)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.111
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.111
Unique Id	aNnT6syh0DhJNVUrTdSfFwAAAAw
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.111
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.111
Redirect Unique Id	aNnT6syh0DhJNVUrTdSfFwAAAAw
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.111
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.111
Redirect Redirect Unique Id	aNnT6syh0DhJNVUrTdSfFwAAAAw
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1759106026.5099
Request Time	1759106026

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files