Vulnerability Name: CVE-2007-0778 (CCN-32671)
Assigned: 2007-02-23
Published: 2007-02-23
Updated: 2019-10-09
Summary: The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.

CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low; Integrity (I): None; Availability (A): None

CVSS v2 Severity: 5.4 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete; Integrity (I): None; Availability (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial; Integrity (I): None; Availability (A): None

Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information

References:
Source: SGI Type: Broken Link 20070202-01-P
Source: SGI Type: Broken Link 20070301-01-P
Source: MITRE Type: CNA CVE-2007-0778
Source: FEDORA Type: Broken Link FEDORA-2007-281
Source: FEDORA Type: Broken Link FEDORA-2007-293
Source: HP Type: Broken Link HPSBUX02153
Source: SUSE Type: Broken Link SUSE-SA:2007:019
Source: CCN Type: RHSA-2007-0077 Critical: seamonkey security update
Source: REDHAT Type: Third Party Advisory RHSA-2007:0077
Source: CCN Type: RHSA-2007-0078 Critical: thunderbird security update
Source: CCN Type: RHSA-2007-0079 Critical: Firefox security update
Source: CCN Type: RHSA-2007-0097 Critical: firefox security update
Source: CCN Type: RHSA-2007-0108 Critical: thunderbird security update
Source: CCN Type: SA24205 Mozilla Firefox Multiple Vulnerabilities
Source: SECUNIA Type: Third Party Advisory 24205
Source: CCN Type: SA24238 Mozilla SeaMonkey Multiple Vulnerabilities
Source: SECUNIA Type: Third Party Advisory 24238
Source: SECUNIA Type: Third Party Advisory 24287
Source: SECUNIA Type: Third Party Advisory 24290
Source: SECUNIA Type: Third Party Advisory 24293
Source: SECUNIA Type: Third Party Advisory 24320
Source: SECUNIA Type: Third Party Advisory 24328
Source: SECUNIA Type: Third Party Advisory 24333
Source: SECUNIA Type: Third Party Advisory 24342
Source: SECUNIA Type: Third Party Advisory 24343
Source: SECUNIA Type: Third Party Advisory 24384
Source: SECUNIA Type: Third Party Advisory 24393
Source: SECUNIA Type: Third Party Advisory 24395
Source: SECUNIA Type: Third Party Advisory 24437
Source: SECUNIA Type: Third Party Advisory 24455
Source: SECUNIA Type: Third Party Advisory 24457
Source: SECUNIA Type: Third Party Advisory 24650
Source: SECUNIA Type: Third Party Advisory 25588
Source: GENTOO Type: Third Party Advisory GLSA-200703-04
Source: CCN Type: SECTRACK ID: 1017699 Mozilla Firefox Cache Collision May Let Remote Users Obtain Cached Web Page Contents
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1017699
Source: SLACKWARE Type: Mailing List, Third Party Advisory SSA:2007-066-05
Source: SLACKWARE Type: Mailing List, Third Party Advisory SSA:2007-066-03
Source: CCN Type: ASA-2007-092 SeaMonkey security update (RHSA-2007-0077)
Source: CCN Type: ASA-2007-095 thunderbird security update (RHSA-2007-0078)
Source: CCN Type: ASA-2007-114 Firefox security update (RHSA-2007-0079)
Source: DEBIAN Type: Third Party Advisory DSA-1336
Source: DEBIAN Type: DSA-1336 mozilla-firefox -- several vulnerabilities
Source: CCN Type: GLSA-200703-04 Mozilla Firefox: Multiple vulnerabilities
Source: CCN Type: GLSA-200703-08 SeaMonkey: Multiple vulnerabilities
Source: GENTOO Type: Third Party Advisory GLSA-200703-08
Source: MANDRIVA Type: Third Party Advisory MDKSA-2007:050
Source: CCN Type: MFSA 2007-03 Information disclosure through cache collisions
Source: CONFIRM Type: Patch, Vendor Advisory http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
Source: SUSE Type: Broken Link SUSE-SA:2007:022
Source: OSVDB Type: Broken Link 32110
Source: CCN Type: OSVDB ID: 32110 Mozilla Multiple Products Cache Collision Information Disclosure
Source: REDHAT Type: Third Party Advisory RHSA-2007:0078
Source: REDHAT Type: Third Party Advisory RHSA-2007:0079
Source: REDHAT Type: Third Party Advisory RHSA-2007:0097
Source: REDHAT Type: Third Party Advisory RHSA-2007:0108
Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20070226 rPSA-2007-0040-1 firefox
Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20070303 rPSA-2007-0040-3 firefox thunderbird
Source: BID Type: Third Party Advisory, VDB Entry 22694
Source: CCN Type: BID-22694 Mozilla Thunderbird/SeaMonkey/Firefox Multiple Remote Vulnerabilities
Source: CCN Type: USN-428-1 Firefox vulnerabilities
Source: UBUNTU Type: Third Party Advisory USN-428-1
Source: CCN Type: USN-428-2 Firefox regression
Source: VUPEN Type: Third Party Advisory ADV-2007-0718
Source: VUPEN Type: Third Party Advisory ADV-2008-0083
Source: MISC Type: Issue Tracking https://bugzilla.mozilla.org/show_bug.cgi?id=347852
Source: XF Type: Third Party Advisory, VDB Entry mozilla-diskcache-information-disclosure(32671)
Source: XF Type: UNKNOWN mozilla-diskcache-information-disclosure(32671)
Source: CONFIRM Type: Broken Link https://issues.rpath.com/browse/RPL-1081
Source: CONFIRM Type: Broken Link https://issues.rpath.com/browse/RPL-1103
Source: OVAL Type: Broken Link oval:org.mitre.oval:def:9151
Source: SUSE Type: SUSE-SA:2007:019 MozillaFirefox security update 1.5.0.10/2.0.0.2
Source: SUSE Type: SUSE-SA:2007:022 Mozilla security problems

Vulnerable Configuration:

Configuration 1:
cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 1.5 and < 1.5.0.10) OR
cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 2.0 and < 2.0.0.2) OR
cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version < 1.0.8)

Configuration 2:
cpe:/o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:* OR
cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:* OR
cpe:/o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

Configuration 3:
cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
Configuration RedHat 5: cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
Configuration RedHat 6: cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Configuration RedHat 7: cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
Configuration RedHat 8: cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
Configuration RedHat 9: cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:
cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:* OR
cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* OR
cpe:/a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:* OR
cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:2.0:beta1:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:2.0:rc2:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:2.0:rc3:*:*:*:*:*:* OR
cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* OR
cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* OR
cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* OR
cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:* OR
cpe:/a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:* OR
cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:* OR
cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:* OR
cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:*
AND
cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR
cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR
cpe:/a:suse:suse_linux_school_server:-:*:*:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR
cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR
cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:* OR
cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:* OR
cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:* OR
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR
cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:* OR
cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:* OR
cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:* OR
cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:* OR
cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

mozilla firefox *
mozilla firefox *
mozilla seamonkey *
canonical ubuntu linux 5.10
canonical ubuntu linux 6.06
canonical ubuntu linux 6.10
debian debian linux 3.1
mozilla firefox 1.5 beta1
mozilla firefox 2.0
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla seamonkey 1.0.5
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0.2
mozilla firefox 1.5.0.9
mozilla firefox 2.0.0.1
mozilla firefox 2.0 beta1
mozilla firefox 2.0 rc2
mozilla firefox 2.0 rc3
mozilla seamonkey 1.0
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.6
mozilla firefox 1.0.5
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.8
mozilla firefox 1.5 beta2
mozilla seamonkey 1.0
mozilla seamonkey 1.0
gentoo linux *
suse linux enterprise server 8
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
suse suse linux school server -
redhat enterprise linux 3
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
novell linux desktop 9
redhat enterprise linux 4
redhat enterprise linux 4
debian debian linux 3.1
novell open enterprise server *
suse suse linux 10.0
redhat linux advanced workstation 2.1
canonical ubuntu 6.06
suse suse linux 10.1
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux desktop 5.0
redhat enterprise linux 5
redhat enterprise linux 5
redhat enterprise linux 5
novell open enterprise server *
novell opensuse 10.2
suse suse linux 9.3