NVD脆弱性詳細

CVE-2007-5337

概要	Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.
公表日	2007年10月22日5:17
登録日	2021年1月29日14:21
最終更新日	2018年10月16日6:43

CVSS2.0 : MEDIUM
スコア	4.3
ベクター	AV:N/AC:M/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:gnome:gnome-vfs::::::::
cpe:2.3:a:mozilla:firefox::::::::		2.0.0.7
cpe:2.3:a:mozilla:seamonkey::::::::		1.1.4

関連情報、対策とツール

No	URL	refsource	タグ
1	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	HP
2	http://secunia.com/advisories/27276	SECUNIA
3	http://secunia.com/advisories/27298	SECUNIA
4	http://secunia.com/advisories/27325	SECUNIA
5	http://secunia.com/advisories/27327	SECUNIA
6	http://secunia.com/advisories/27335	SECUNIA
7	http://secunia.com/advisories/27336	SECUNIA
8	http://secunia.com/advisories/27356	SECUNIA
9	http://secunia.com/advisories/27360	SECUNIA
10	http://secunia.com/advisories/27383	SECUNIA
11	http://secunia.com/advisories/27387	SECUNIA
12	http://secunia.com/advisories/27403	SECUNIA
13	http://secunia.com/advisories/27414	SECUNIA
14	http://secunia.com/advisories/27425	SECUNIA
15	http://secunia.com/advisories/27480	SECUNIA
16	http://secunia.com/advisories/27665	SECUNIA
17	http://secunia.com/advisories/27680	SECUNIA
18	http://secunia.com/advisories/28398	SECUNIA
19	http://securitytracker.com/id?1018837	SECTRACK
20	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1	SUNALERT
21	http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html	CONFIRM
22	http://www.debian.org/security/2007/dsa-1392	DEBIAN
23	http://www.debian.org/security/2007/dsa-1396	DEBIAN
24	http://www.debian.org/security/2007/dsa-1401	DEBIAN
25	http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml	GENTOO
26	http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202	MANDRIVA
27	http://www.mozilla.org/security/announce/2007/mfsa2007-34.html	CONFIRM	Patch
28	http://www.novell.com/linux/security/advisories/2007_57_mozilla.html	SUSE
29	http://www.redhat.com/support/errata/RHSA-2007-0979.html	REDHAT
30	http://www.redhat.com/support/errata/RHSA-2007-0980.html	REDHAT
31	http://www.redhat.com/support/errata/RHSA-2007-0981.html	REDHAT
32	http://www.securityfocus.com/archive/1/482876/100/200/threaded	BUGTRAQ
33	http://www.securityfocus.com/archive/1/482925/100/0/threaded	BUGTRAQ
34	http://www.securityfocus.com/archive/1/482932/100/200/threaded	BUGTRAQ
35	http://www.securityfocus.com/bid/26132	BID
36	http://www.ubuntu.com/usn/usn-536-1	UBUNTU
37	http://www.vupen.com/english/advisories/2007/3544	VUPEN
38	http://www.vupen.com/english/advisories/2007/3587	VUPEN
39	http://www.vupen.com/english/advisories/2008/0083	VUPEN
40	https://bugzilla.mozilla.org/show_bug.cgi?id=381146	MISC
41	https://exchange.xforce.ibmcloud.com/vulnerabilities/37287	XF
42	https://issues.rpath.com/browse/RPL-1858	CONFIRM
43	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443	OVAL
44	https://usn.ubuntu.com/535-1/	UBUNTU
45	https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html	FEDORA
46	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html	FEDORA
47	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html	FEDORA

共通脆弱性一覧