CVE-2007-5337 - Vulnerability Details

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnome	Gnome-vfs
Linux	Linux Kernel
Mozilla	Firefox Seamonkey
Redhat	Enterprise Linux

Configuration 1 [-]

AND

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:gnome:gnome-vfs::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
seamonkey-0:1.0.9-0.6.el2	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2007:0980	2007-10-19T00:00:00Z
Red Hat Enterprise Linux 3
seamonkey-0:1.0.9-0.5.el3	cpe:/o:redhat:enterprise_linux:3	RHSA-2007:0980	2007-10-19T00:00:00Z
Red Hat Enterprise Linux 4
firefox-0:1.5.0.12-0.7.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0979	2007-10-19T00:00:00Z
seamonkey-0:1.0.9-6.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0980	2007-10-19T00:00:00Z
thunderbird-0:1.5.0.12-0.5.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0981	2007-10-19T00:00:00Z
Red Hat Enterprise Linux 5
firefox-0:1.5.0.12-6.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0979	2007-10-19T00:00:00Z
thunderbird-0:1.5.0.12-5.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0981	2007-10-19T00:00:00Z

References

Link	Providers
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://secunia.com/advisories/27276
http://secunia.com/advisories/27298
http://secunia.com/advisories/27325
http://secunia.com/advisories/27327
http://secunia.com/advisories/27335
http://secunia.com/advisories/27336
http://secunia.com/advisories/27356
http://secunia.com/advisories/27360
http://secunia.com/advisories/27383
http://secunia.com/advisories/27387
http://secunia.com/advisories/27403
http://secunia.com/advisories/27414
http://secunia.com/advisories/27425
http://secunia.com/advisories/27480
http://secunia.com/advisories/27665
http://secunia.com/advisories/27680
http://secunia.com/advisories/28398
http://securitytracker.com/id?1018837
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.debian.org/security/2007/dsa-1392
http://www.debian.org/security/2007/dsa-1396
http://www.debian.org/security/2007/dsa-1401
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://www.mozilla.org/security/announce/2007/mfsa2007-34.html
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0979.html
http://www.redhat.com/support/errata/RHSA-2007-0980.html
http://www.redhat.com/support/errata/RHSA-2007-0981.html
http://www.securityfocus.com/archive/1/482876/100/200/threaded
http://www.securityfocus.com/archive/1/482925/100/0/threaded
http://www.securityfocus.com/archive/1/482932/100/200/threaded
http://www.securityfocus.com/bid/26132
http://www.ubuntu.com/usn/usn-536-1
http://www.vupen.com/english/advisories/2007/3544
http://www.vupen.com/english/advisories/2007/3587
http://www.vupen.com/english/advisories/2008/0083
https://bugzilla.mozilla.org/show_bug.cgi?id=381146
https://exchange.xforce.ibmcloud.com/vulnerabilities/37287
https://issues.rpath.com/browse/RPL-1858
https://nvd.nist.gov/vuln/detail/CVE-2007-5337
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443
https://usn.ubuntu.com/535-1/
https://www.cve.org/CVERecord?id=CVE-2007-5337
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-10-21T20:00:00

Updated: 2024-08-07T15:24:42.535Z

Reserved: 2007-10-10T00:00:00

Link: CVE-2007-5337

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-10-21T20:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-5337

Redhat

Severity : Moderate

Publid Date: 2007-10-18T00:00:00Z

Links: CVE-2007-5337 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-18T00:00:00", "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2007-2601", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html"}, {"name": "20071026 rPSA-2007-0225-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded"}, {"name": "mozilla-sftp-file-access(37287)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37287"}, {"name": "oval:org.mitre.oval:def:11443", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443"}, {"name": "ADV-2007-3587", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3587"}, {"name": "27414", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27414"}, {"name": "20071029 FLEA-2007-0062-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1858"}, {"name": "GLSA-200711-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml"}, {"name": "27360", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27360"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-34.html"}, {"name": "HPSBUX02153", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "27298", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27298"}, {"name": "1018837", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018837"}, {"name": "27327", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27327"}, {"name": "ADV-2007-3544", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3544"}, {"name": "27276", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27276"}, {"name": "USN-535-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/535-1/"}, {"name": "DSA-1401", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1401"}, {"name": "DSA-1392", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1392"}, {"name": "RHSA-2007:0980", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0980.html"}, {"name": "27383", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27383"}, {"name": "SUSE-SA:2007:057", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=381146"}, {"name": "27356", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27356"}, {"name": "RHSA-2007:0981", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0981.html"}, {"name": "ADV-2008-0083", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0083"}, {"name": "27387", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27387"}, {"name": "FEDORA-2007-3431", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html"}, {"name": "27403", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27403"}, {"name": "27336", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27336"}, {"name": "DSA-1396", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1396"}, {"name": "27425", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27425"}, {"name": "28398", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28398"}, {"name": "SSRT061181", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "27325", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27325"}, {"name": "MDKSA-2007:202", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202"}, {"name": "27665", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27665"}, {"name": "RHSA-2007:0979", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0979.html"}, {"name": "27335", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27335"}, {"name": "FEDORA-2007-2664", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html"}, {"name": "27480", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27480"}, {"name": "27680", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27680"}, {"name": "26132", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26132"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html"}, {"name": "201516", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"}, {"name": "20071029 rPSA-2007-0225-2 firefox thunderbird", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded"}, {"name": "USN-536-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-536-1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:24:42.535Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2007-2601", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html"}, {"name": "20071026 rPSA-2007-0225-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded"}, {"name": "mozilla-sftp-file-access(37287)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37287"}, {"name": "oval:org.mitre.oval:def:11443", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443"}, {"name": "ADV-2007-3587", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3587"}, {"name": "27414", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27414"}, {"name": "20071029 FLEA-2007-0062-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1858"}, {"name": "GLSA-200711-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml"}, {"name": "27360", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27360"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-34.html"}, {"name": "HPSBUX02153", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "27298", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27298"}, {"name": "1018837", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018837"}, {"name": "27327", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27327"}, {"name": "ADV-2007-3544", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3544"}, {"name": "27276", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27276"}, {"name": "USN-535-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/535-1/"}, {"name": "DSA-1401", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1401"}, {"name": "DSA-1392", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1392"}, {"name": "RHSA-2007:0980", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0980.html"}, {"name": "27383", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27383"}, {"name": "SUSE-SA:2007:057", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=381146"}, {"name": "27356", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27356"}, {"name": "RHSA-2007:0981", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0981.html"}, {"name": "ADV-2008-0083", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0083"}, {"name": "27387", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27387"}, {"name": "FEDORA-2007-3431", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html"}, {"name": "27403", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27403"}, {"name": "27336", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27336"}, {"name": "DSA-1396", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1396"}, {"name": "27425", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27425"}, {"name": "28398", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28398"}, {"name": "SSRT061181", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "27325", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27325"}, {"name": "MDKSA-2007:202", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202"}, {"name": "27665", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27665"}, {"name": "RHSA-2007:0979", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0979.html"}, {"name": "27335", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27335"}, {"name": "FEDORA-2007-2664", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html"}, {"name": "27480", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27480"}, {"name": "27680", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27680"}, {"name": "26132", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26132"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html"}, {"name": "201516", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"}, {"name": "20071029 rPSA-2007-0225-2 firefox thunderbird", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded"}, {"name": "USN-536-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-536-1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-5337", "datePublished": "2007-10-21T20:00:00", "dateReserved": "2007-10-10T00:00:00", "dateUpdated": "2024-08-07T15:24:42.535Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gnome-vfs:*:*:*:*:*:*:*:*", "matchCriteriaId": "76891928-BB62-4BD6-8FDC-B6BB3A50704E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A383873-7B11-41FA-A64D-8526370456F0", "versionEndIncluding": "2.0.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F8C75-4934-453B-B502-8D0B6E9873EA", "versionEndIncluding": "1.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server."}, {"lang": "es", "value": "El Mozilla Firefox anterior al 2.0.0.8 y el SeaMonkey anterior al 1.1.5, cuando corren bajo sistemas Linux con el soporte gnome-vfs, puede permitir a atacantes remotos leer ficheros de su elecci\u00f3n en servidores SSH/sftp que aceptan la clave de autenticaci\u00f3n mediante la creaci\u00f3n de una p\u00e1gina web en el servidor objetivo, en donde la p\u00e1gina web contenga URIs con esquemas (1) smb: o (2) sftp: que acceden a otros ficheros del servidor."}], "id": "CVE-2007-5337", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-10-21T20:17:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "secalert@redhat.com", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27276"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27298"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27325"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27327"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27335"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27336"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27356"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27360"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27383"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27387"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27403"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27414"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27425"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27480"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27665"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27680"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28398"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1018837"}, {"source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"}, {"source": "secalert@redhat.com", "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2007/dsa-1392"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2007/dsa-1396"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2007/dsa-1401"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-34.html"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0979.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0980.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0981.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/26132"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-536-1"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/3544"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/3587"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/0083"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=381146"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37287"}, {"source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-1858"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/535-1/"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27276"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27298"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27327"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27335"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27336"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27356"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27360"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27383"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27387"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27403"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27414"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27425"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27480"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27665"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27680"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28398"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018837"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1392"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1401"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-34.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0979.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0980.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0981.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-536-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3544"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3587"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=381146"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37287"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1858"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/535-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2007:0980", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "seamonkey-0:1.0.9-0.6.el2", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2007-10-19T00:00:00Z"}, {"advisory": "RHSA-2007:0980", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "seamonkey-0:1.0.9-0.5.el3", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2007-10-19T00:00:00Z"}, {"advisory": "RHSA-2007:0979", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "firefox-0:1.5.0.12-0.7.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-10-19T00:00:00Z"}, {"advisory": "RHSA-2007:0980", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "seamonkey-0:1.0.9-6.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-10-19T00:00:00Z"}, {"advisory": "RHSA-2007:0981", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "thunderbird-0:1.5.0.12-0.5.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-10-19T00:00:00Z"}, {"advisory": "RHSA-2007:0979", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:1.5.0.12-6.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-10-19T00:00:00Z"}, {"advisory": "RHSA-2007:0981", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "thunderbird-0:1.5.0.12-5.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-10-19T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1618325", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618325"}, "csaw": false, "details": ["Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server."], "name": "CVE-2007-5337", "public_date": "2007-10-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-5337\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-5337"], "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object