Upstream information

CVE-2007-5960 at MITRE

Description

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 4.30
  • Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
SUSE Bugzilla entry: 341591 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References
SUSE LINUX 10.0
  • mozilla >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-calendar >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-devel >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-irc >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-ko >= 1.75-3.6
  • mozilla-mail >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-spellchecker >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-venkman >= 1.8_seamonkey_1.0.9-2.9
  • mozilla-zh-CN >= 1.7-6.6
  • mozilla-zh-TW >= 1.7-6.6
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • mozilla >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-calendar >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-devel >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-irc >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-mail >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-spellchecker >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-venkman >= 1.8_seamonkey_1.0.9-0.18
  • mozilla-xmlterm >= 1.8_seamonkey_1.0.9-0.18
  References: ul1.s390, slrs8.x86, YOU Patch Nr: 12007
Novell Linux Desktop 9 for x86
  • mozilla >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-cs >= 1.8_seamonkey_1.0.4-0.8
  • mozilla-deat >= 1.8_seamonkey_1.0.4-0.8
  • mozilla-devel >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-hu >= 1.80_seamonkey_1.0.4-6
  • mozilla-irc >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-mail >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-venkman >= 1.8_seamonkey_1.0.9-1.8
  References: core9.s390, core9.x86, YOU Patch Nr: 12008
Novell Linux Desktop 9 for x86_64
  • mozilla >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-cs >= 1.8_seamonkey_1.0.4-0.8
  • mozilla-deat >= 1.8_seamonkey_1.0.4-0.8
  • mozilla-devel >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-hu >= 1.80_seamonkey_1.0.4-6
  • mozilla-irc >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-lib64 >= 1.8_seamonkey_1.0.9-0.3
  • mozilla-mail >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-venkman >= 1.8_seamonkey_1.0.9-1.8
  References: core9.s390, core9.x86, YOU Patch Nr: 12008
Open Enterprise Server
  • mozilla >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-calendar >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-cs >= 1.8_seamonkey_1.0.4-0.8
  • mozilla-deat >= 1.8_seamonkey_1.0.4-0.8
  • mozilla-devel >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-hu >= 1.80_seamonkey_1.0.4-6
  • mozilla-irc >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-mail >= 1.8_seamonkey_1.0.9-1.8
  • mozilla-venkman >= 1.8_seamonkey_1.0.9-1.8
  References: core9.s390, core9.x86, YOU Patch Nr: 12008
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • MozillaFirefox >= 1.5.0.12-0.7
  • MozillaFirefox-translations >= 1.5.0.12-0.7
  References: Builds, YOU Patch Nr: 12005
SUSE LINUX 10.1
  • seamonkey >= 1.0.9-1.7
  • seamonkey-calendar >= 1.0.9-1.7
  • seamonkey-dom-inspector >= 1.0.9-1.7
  • seamonkey-irc >= 1.0.9-1.7
  • seamonkey-mail >= 1.0.9-1.7
  • seamonkey-spellchecker >= 1.0.9-1.7
  • seamonkey-venkman >= 1.0.9-1.7
SUSE LINUX 10.0
  • MozillaFirefox >= 2.0.0.10-0.1
  • MozillaFirefox-translations >= 2.0.0.10-0.1
SUSE LINUX 10.1
  • MozillaFirefox >= 2.0.0.10-0.2
  • MozillaFirefox-translations >= 2.0.0.10-0.2