CVE-2007-5960

N/A Unknown
Published: November 26, 2007 Modified: April 23, 2026
View on NVD

Description

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://browser.netscape.com/releasenotes/
Source: secalert@redhat.com
http://bugs.gentoo.org/show_bug.cgi?id=198965
Source: secalert@redhat.com
http://bugs.gentoo.org/show_bug.cgi?id=200909
Source: secalert@redhat.com
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Source: secalert@redhat.com
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
Source: secalert@redhat.com
http://secunia.com/advisories/27725
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27793
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27796
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27797
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27800
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27816
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27838
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27845
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27855
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27944
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27955
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27957
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27979
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28001
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28016
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28171
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28277
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28398
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/29164
Source: secalert@redhat.com
http://security.gentoo.org/glsa/glsa-200712-21.xml
Source: secalert@redhat.com
http://securitytracker.com/id?1018995
Source: secalert@redhat.com
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
Source: secalert@redhat.com
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833
Source: secalert@redhat.com
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
Source: secalert@redhat.com
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
Source: secalert@redhat.com
http://wiki.rpath.com/Advisories:rPSA-2008-0093
Source: secalert@redhat.com
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
Source: secalert@redhat.com
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
Source: secalert@redhat.com
http://www.debian.org/security/2007/dsa-1424
Source: secalert@redhat.com
http://www.debian.org/security/2007/dsa-1425
Source: secalert@redhat.com
http://www.mandriva.com/security/advisories?name=MDKSA-2007:246
Source: secalert@redhat.com
http://www.mozilla.org/security/announce/2007/mfsa2007-39.html
Source: secalert@redhat.com
http://www.redhat.com/support/errata/RHSA-2007-1082.html
Source: secalert@redhat.com
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-1083.html
Source: secalert@redhat.com
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-1084.html
Source: secalert@redhat.com
Vendor Advisory
http://www.securityfocus.com/archive/1/488002/100/0/threaded
Source: secalert@redhat.com
http://www.securityfocus.com/archive/1/488971/100/0/threaded
Source: secalert@redhat.com
http://www.securityfocus.com/bid/26589
Source: secalert@redhat.com
http://www.ubuntu.com/usn/usn-546-2
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2007/4002
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2007/4018
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2008/0083
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2008/0643
Source: secalert@redhat.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/38644
Source: secalert@redhat.com
https://issues.rpath.com/browse/RPL-1984
Source: secalert@redhat.com
https://issues.rpath.com/browse/RPL-1995
Source: secalert@redhat.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9794
Source: secalert@redhat.com
https://usn.ubuntu.com/546-1/
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html
Source: secalert@redhat.com
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html
Source: secalert@redhat.com
http://browser.netscape.com/releasenotes/
Source: af854a3a-2127-422b-91ae-364da2661108
http://bugs.gentoo.org/show_bug.cgi?id=198965
Source: af854a3a-2127-422b-91ae-364da2661108
http://bugs.gentoo.org/show_bug.cgi?id=200909
Source: af854a3a-2127-422b-91ae-364da2661108
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/27725
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27793
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27796
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27797
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27800
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27816
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27838
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27845
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27855
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27944
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27955
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27957
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27979
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28001
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28016
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28171
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28277
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28398
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29164
Source: af854a3a-2127-422b-91ae-364da2661108
http://security.gentoo.org/glsa/glsa-200712-21.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://securitytracker.com/id?1018995
Source: af854a3a-2127-422b-91ae-364da2661108
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
Source: af854a3a-2127-422b-91ae-364da2661108
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/Advisories:rPSA-2008-0093
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2007/dsa-1424
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2007/dsa-1425
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDKSA-2007:246
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mozilla.org/security/announce/2007/mfsa2007-39.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2007-1082.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-1083.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-1084.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/archive/1/488002/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/488971/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/26589
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-546-2
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/4002
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/4018
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/0083
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/0643
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/38644
Source: af854a3a-2127-422b-91ae-364da2661108
https://issues.rpath.com/browse/RPL-1984
Source: af854a3a-2127-422b-91ae-364da2661108
https://issues.rpath.com/browse/RPL-1995
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9794
Source: af854a3a-2127-422b-91ae-364da2661108
https://usn.ubuntu.com/546-1/
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html
Source: af854a3a-2127-422b-91ae-364da2661108

114 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.5%
70th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Affected Vendors

mozilla

Related CVEs

CVE-2026-9699 6.8
CVE-2026-57667 8.5
CVE-2026-57665 5.3
CVE-2026-57664 4.3
CVE-2026-57663 8.5