CVE-2007-1116

Published: Feb 26, 2007Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history.

Affected (1)

Products: Mozilla: Firefox

Mozilla

1 product

Firefox

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 1.8

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://osvdb.org/33804

Source: cve@mitre.org

http://securityreason.com/securityalert/2309

Source: cve@mitre.org

http://www.gnucitizen.org/projects/hscan-redux/

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/461006/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/461013/100/0/threaded

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=371375

Source: cve@mitre.org

PatchVendor Advisory

http://osvdb.org/33804