Launchpad.net

CVE 2007-5960

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

Related bugs and status

CVE-2007-5960 (Candidate) is related to these bugs:

Bug #150791: firefox package on packages site carries warning about development version

Summary				In	Importance	Status
	150791	firefox package on packages site carries warning about development version		firefox (Ubuntu)	Undecided	Fix Released

Bug #172518: [firefox] regression in recent update to 2.0.0.10

		In	Importance	Status
172518	[firefox] regression in recent update to 2.0.0.10	firefox (Ubuntu)	Undecided	Fix Released
172518	[firefox] regression in recent update to 2.0.0.10	Mozilla Firefox	High	Fix Released
172518	[firefox] regression in recent update to 2.0.0.10	Mozilla Firefox 2.0	High	Fix Released
172518	[firefox] regression in recent update to 2.0.0.10	firefox (Ubuntu Edgy)	High	Won't Fix
172518	[firefox] regression in recent update to 2.0.0.10	firefox (Ubuntu Feisty)	High	Fix Released
172518	[firefox] regression in recent update to 2.0.0.10	firefox (Ubuntu Gutsy)	High	Fix Released
172518	[firefox] regression in recent update to 2.0.0.10	firefox (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-5960

Related bugs and status

Related bugs

References