Gravedad: High
  Identificadores de CVE : CVE-2007-0981
  Fecha recomendada: 15 de febrero de 2011

  Descripción

 Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

  Revelación de la información

Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.

  Soluciones

  Trend Micro Deep Security DPI Rule Number: 1000971
  Trend Micro Deep Security DPI Rule Name: 1000971 - Mozilla Firefox Location.Hostname DOM Property Cookie Theft

  Software y versión afectados

  • Mozilla Firefox 0.10
  • Mozilla Firefox 0.10.1
  • Mozilla Firefox 0.8
  • Mozilla Firefox 0.9
  • Mozilla Firefox 0.9.1
  • Mozilla Firefox 0.9.2
  • Mozilla Firefox 0.9.3
  • Mozilla Firefox 1.0
  • Mozilla Firefox 1.0.1
  • Mozilla Firefox 1.0.2
  • Mozilla Firefox 1.0.3
  • Mozilla Firefox 1.0.4
  • Mozilla Firefox 1.0.5
  • Mozilla Firefox 1.0.6
  • Mozilla Firefox 1.0.7
  • Mozilla Firefox 1.0.8
  • Mozilla Firefox 1.5
  • Mozilla Firefox 1.5.0.1
  • Mozilla Firefox 1.5.0.2
  • Mozilla Firefox 1.5.0.3
  • Mozilla Firefox 1.5.0.4
  • Mozilla Firefox 1.5.0.5
  • Mozilla Firefox 1.5.0.6
  • Mozilla Firefox 1.5.0.7
  • Mozilla Firefox 1.5.0.8
  • Mozilla Firefox 1.5.0.9
  • Mozilla Firefox 1.5.1
  • Mozilla Firefox 1.5.2
  • Mozilla Firefox 1.5.3
  • Mozilla Firefox 1.5.4
  • Mozilla Firefox 1.5.5
  • Mozilla Firefox 1.5.6
  • Mozilla Firefox 1.5.7
  • Mozilla Firefox 1.5.8
  • Mozilla Firefox 2.0
  • Mozilla Firefox 2.0.0.1
  • Mozilla Firefox Preview Release
  • Mozilla SeaMonkey 1.0
  • Mozilla SeaMonkey 1.0.1
  • Mozilla SeaMonkey 1.0.2
  • Mozilla SeaMonkey 1.0.3
  • Mozilla SeaMonkey 1.0.4
  • Mozilla SeaMonkey 1.0.5
  • Mozilla SeaMonkey 1.0.6
  • Mozilla SeaMonkey 1.0.7