Vulnerability CVE-2005-2707 - CERT Civis.Net

Vulnerability Name:

CVE-2005-2707 (CCN-22380)

Assigned:

2005-09-21

Published:

2005-09-21

Updated:

2017-10-11

Summary:

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: SCO
Type: UNKNOWN
SCOSA-2005.49

Source: MITRE
Type: CNA
CVE-2005-2707

Source: CCN
Type: RHSA-2005-785
firefox security update

Source: CCN
Type: RHSA-2005-789
mozilla security update

Source: CCN
Type: RHSA-2005-791
thunderbird security update

Source: CCN
Type: SA16911
Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
16911

Source: CCN
Type: SA16917
Mozilla Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
16917

Source: SECUNIA
Type: UNKNOWN
16977

Source: SECUNIA
Type: UNKNOWN
17014

Source: SECUNIA
Type: UNKNOWN
17026

Source: SECUNIA
Type: UNKNOWN
17042

Source: SECUNIA
Type: UNKNOWN
17090

Source: SECUNIA
Type: UNKNOWN
17149

Source: SECUNIA
Type: UNKNOWN
17263

Source: SECUNIA
Type: UNKNOWN
17284

Source: SECUNIA
Type: UNKNOWN
19823

Source: CCN
Type: SECTRACK ID: 1014954
Mozilla Firefox Integer/Buffer Overflows, Spoofing Bugs, and Access Control Errors Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1014954

Source: CCN
Type: CIAC INFORMATION BULLETIN P-310
Firefox Security Update

Source: CCN
Type: CIAC INFORMATION BULLETIN P-311
Mozilla security update

Source: DEBIAN
Type: UNKNOWN
DSA-838

Source: DEBIAN
Type: UNKNOWN
DSA-866

Source: DEBIAN
Type: UNKNOWN
DSA-868

Source: DEBIAN
Type: DSA-838
mozilla-firefox -- multiple vulnerabilities

Source: DEBIAN
Type: DSA-866
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-868
mozilla-thunderbird -- several vulnerabilities

Source: CCN
Type: GLSA-200509-11
Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:169

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:170

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:174

Source: CCN
Type: Mozilla Firefox Download Web page
Firefox - Rediscover the web

Source: CCN
Type: Mozilla Suite Download Web page
Mozilla Suite- The All-in-One Internet Application Suite

Source: CCN
Type: MFSA 2005-58
Firefox, Mozilla Suite

Source: CCN
Type: MFSA 2005-59
Command-line handling on Linux allows shell execution

Source: CONFIRM
Type: UNKNOWN
http://www.mozilla.org/security/announce/mfsa2005-59.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:058

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:004

Source: FEDORA
Type: UNKNOWN
FLSA-2006:168375

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:785

Source: REDHAT
Type: UNKNOWN
RHSA-2005:789

Source: REDHAT
Type: UNKNOWN
RHSA-2005:791

Source: BID
Type: UNKNOWN
14919

Source: CCN
Type: BID-14919
Mozilla Browser/Firefox Chrome Window Spoofing Vulnerability

Source: BID
Type: UNKNOWN
15495

Source: CCN
Type: BID-15495
SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed

Source: CCN
Type: USN-186-1
Mozilla and Firefox vulnerabilities

Source: CCN
Type: USN-186-2
Ubuntu 4.10 packages for USN-186-1 Firefox security update

Source: CCN
Type: USN-200-1
Thunderbird vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2005-1824

Source: XF
Type: UNKNOWN
mozilla-chrome-window-spoofing(22380)

Source: XF
Type: UNKNOWN
mozilla-chrome-window-spoofing(22380)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11130

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1197

Source: SUSE
Type: SUSE-SA:2005:058
mozillaMozillaFirefox: remote command execution

Source: SUSE
Type: SUSE-SA:2006:022
MozillaThunderbird various problems

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 1.0.6)

OR cpe:/a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:*:*:*:*:*:*:*:* (Version <= 1.7.11)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20052707	V	CVE-2005-2707	2015-11-16
oval:org.mitre.oval:def:11130	V	Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.	2013-04-29
oval:org.mitre.oval:def:1197	V	Firefox/Mozilla Suite Chrome Window Spoofing Vulnerability	2007-05-09
oval:org.debian:def:866	V	several vulnerabilities	2005-10-20
oval:org.debian:def:868	V	several vulnerabilities	2005-10-20
oval:com.redhat.rhsa:def:20050791	P	RHSA-2005:791: thunderbird security update (Important)	2005-10-06
oval:org.debian:def:838	V	multiple vulnerabilities	2005-10-02
oval:com.redhat.rhsa:def:20050785	P	RHSA-2005:785: firefox security update (Critical)	2005-09-22
oval:com.redhat.rhsa:def:20050789	P	RHSA-2005:789: mozilla security update (Critical)	2005-09-22