Vulnerability Name:

CVE-2015-7208 (CCN-108972)

Assigned:2015-12-15
Published:2015-12-15
Updated:2018-10-30
Summary:Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.
CVSS v3 Severity:4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2015-7208

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-51b1105902

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-7ab3d3afcf

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0306

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0309

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:2353

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0307

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0308

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-137.html

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2016/mfsa2016-04.html

Source: BID
Type: UNKNOWN
79280

Source: CCN
Type: BID-79280
Mozilla Firefox Multiple Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1034426

Source: SECTRACK
Type: UNKNOWN
1034825

Source: UBUNTU
Type: UNKNOWN
USN-2833-1

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=1191423

Source: XF
Type: UNKNOWN
firefox-cve20157208-sec-bypass(108972)

Source: GENTOO
Type: UNKNOWN
GLSA-201512-10

Source: CCN
Type: Mozilla Foundation Security Advisory 2015-137
Firefox allows for control characters to be set in cookies

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-7208

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 42.0)

  • Configuration 2:
  • cpe:/o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:23:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20157208
    V
    CVE-2015-7208
    2023-06-22
    oval:org.opensuse.security:def:7868
    P
    MozillaFirefox-102.11.0-150200.152.87.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:609
    P
    Security update for sqlite3 (Moderate) (in QA)
    2022-10-04
    oval:org.opensuse.security:def:720
    P
    Security update for ucode-intel (Moderate)
    2022-08-31
    oval:org.opensuse.security:def:3252
    P
    libsmi-0.4.8-18.55 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94882
    P
    MozillaFirefox-91.8.0-150200.152.26.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:1523
    P
    Security update for MozillaThunderbird (Important)
    2022-06-13
    oval:org.opensuse.security:def:1167
    P
    Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (Important)
    2022-05-16
    oval:org.opensuse.security:def:1301
    P
    Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP3) (Important)
    2022-04-14
    oval:org.opensuse.security:def:1056
    P
    Security update for yaml-cpp (Moderate)
    2022-04-01
    oval:org.opensuse.security:def:1412
    P
    Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP3) (Important)
    2022-02-01
    oval:org.opensuse.security:def:113433
    P
    seamonkey-2.40-6.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:111898
    P
    MozillaFirefox-50.1.0-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:945
    P
    Security update for net-snmp (Important)
    2022-01-11
    oval:org.opensuse.security:def:70030
    P
    Security update for xorg-x11-server (Important)
    2021-12-21
    oval:org.opensuse.security:def:93994
    P
    (Important)
    2021-12-06
    oval:org.opensuse.security:def:1639
    P
    Security update for squid (Moderate)
    2021-10-20
    oval:org.opensuse.security:def:105475
    P
    MozillaFirefox-50.1.0-1.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:106834
    P
    seamonkey-2.40-6.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:71207
    P
    hardlink-1.0+git.e66999f-1.25 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:69925
    P
    Security update for ffmpeg (Important)
    2021-09-02
    oval:org.opensuse.security:def:48045
    P
    ibus-chewing-1.4.14-4.11 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47570
    P
    bzip2-1.0.6-29.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47131
    P
    ppc64-diag-2.7.1-5.6 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48191
    P
    libsmi-0.4.8-18.55 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47794
    P
    libtasn1-4.9-3.5.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47266
    P
    glib2-lang-2.48.2-10.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48287
    P
    python-pywbem-0.7.0-4.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48156
    P
    libnetpbm11-10.66.3-8.7.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47591
    P
    dbus-1-1.8.22-29.10.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47242
    P
    dosfstools-3.0.26-6.5 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48302
    P
    sane-backends-1.0.24-3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47831
    P
    mutt-1.10.1-55.6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47377
    P
    libmpfr4-3.1.2-7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47130
    P
    powerpc-utils-1.3.2-17.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48129
    P
    libjansson4-2.12-3.5.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47702
    P
    libecpg6-10.5-1.3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47145
    P
    rpcbind-0.2.3-21.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48256
    P
    pam_krb5-2.4.4-4.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47942
    P
    aaa_base-13.2+git20140911.61c1681-38.13.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47459
    P
    pam_krb5-2.4.4-4.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47241
    P
    dnsmasq-2.76-17.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48358
    P
    zypper-1.13.51-21.26.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48240
    P
    memcached-1.4.39-4.6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47683
    P
    libXrender1-0.9.8-7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47256
    P
    freeradius-server-3.0.14-1.8 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:62728
    P
    MozillaFirefox-78.10.0-8.38.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101134
    P
    MozillaFirefox-78.10.0-8.38.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72447
    P
    MozillaFirefox-78.10.0-8.38.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:49443
    P
    Security update for nodejs10 (Important)
    2021-07-14
    oval:org.opensuse.security:def:48469
    P
    libXinerama1-1.1.3-3.54 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:71094
    P
    rpcbind-0.2.3-3.22 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48398
    P
    cyrus-sasl-2.1.26-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48367
    P
    apache-commons-httpclient-3.1-4.364 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:64507
    P
    Security update for hivex (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:67754
    P
    Security update for the Linux Kernel (Live Patch 21 for SLE 15) (Important)
    2021-04-28
    oval:org.opensuse.security:def:100707
    P
    (Important)
    2021-02-17
    oval:org.opensuse.security:def:116931
    P
    MozillaFirefox-68.8.0-3.87.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72109
    P
    MozillaFirefox-52.7.3-1.35 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62390
    P
    MozillaFirefox-52.7.3-1.35 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:89851
    P
    MozillaFirefox-60.6.2-3.32.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72220
    P
    MozillaFirefox-60.6.2-3.32.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:103506
    P
    MozillaFirefox-60.6.2-3.32.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62501
    P
    MozillaFirefox-60.6.2-3.32.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72331
    P
    MozillaFirefox-68.8.0-3.87.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:107373
    P
    MozillaFirefox-68.8.0-3.87.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62612
    P
    MozillaFirefox-68.8.0-3.87.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:73365
    P
    MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49386
    P
    MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49554
    P
    libjbig2-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:66674
    P
    MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49497
    P
    MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64420
    P
    opensc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:73247
    P
    libxcb-composite0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:67854
    P
    MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49332
    P
    socat on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49608
    P
    MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:66582
    P
    pam on GA media (Moderate)
    2020-12-01
    oval:com.ubuntu.precise:def:20157208000
    V
    CVE-2015-7208 on Ubuntu 12.04 LTS (precise) - medium.
    2015-12-16
    oval:com.ubuntu.trusty:def:20157208000
    V
    CVE-2015-7208 on Ubuntu 14.04 LTS (trusty) - medium.
    2015-12-16
    BACK
    mozilla firefox *
    fedoraproject fedora 22
    fedoraproject fedora 23
    opensuse leap 42.1
    opensuse opensuse 13.1
    opensuse opensuse 13.2