CVE-2007-5337

Published: Oct 21, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.

Affected (3)

Products: Gnome: Gnome Vfs · Mozilla: Firefox, Seamonkey

1 product

2 products

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gnome Gnome Vfs	All versions
Mozilla Firefox	Up to 2.0.0.7
Mozilla Seamonkey	Up to 1.1.4

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (94)

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Source: secalert@redhat.com

http://secunia.com/advisories/27276

Source: secalert@redhat.com

http://secunia.com/advisories/27298

Source: secalert@redhat.com

http://secunia.com/advisories/27325

Source: secalert@redhat.com

http://secunia.com/advisories/27327

Source: secalert@redhat.com

http://secunia.com/advisories/27335

Source: secalert@redhat.com

http://secunia.com/advisories/27336

Source: secalert@redhat.com

http://secunia.com/advisories/27356

Source: secalert@redhat.com

http://secunia.com/advisories/27360

Source: secalert@redhat.com

http://secunia.com/advisories/27383

Source: secalert@redhat.com

http://secunia.com/advisories/27387

Source: secalert@redhat.com

http://secunia.com/advisories/27403

Source: secalert@redhat.com

http://secunia.com/advisories/27414

Source: secalert@redhat.com

http://secunia.com/advisories/27425

Source: secalert@redhat.com

http://secunia.com/advisories/27480

Source: secalert@redhat.com

http://secunia.com/advisories/27665

Source: secalert@redhat.com

http://secunia.com/advisories/27680

Source: secalert@redhat.com

http://secunia.com/advisories/28398

Source: secalert@redhat.com

http://securitytracker.com/id?1018837

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

Source: secalert@redhat.com

http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

Source: secalert@redhat.com

http://www.debian.org/security/2007/dsa-1392

Source: secalert@redhat.com

http://www.debian.org/security/2007/dsa-1396

Source: secalert@redhat.com

http://www.debian.org/security/2007/dsa-1401

Source: secalert@redhat.com

http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml

Source: secalert@redhat.com

http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202

Source: secalert@redhat.com

http://www.mozilla.org/security/announce/2007/mfsa2007-34.html

Source: secalert@redhat.com

Patch

http://www.novell.com/linux/security/advisories/2007_57_mozilla.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2007-0979.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2007-0980.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2007-0981.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/482876/100/200/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/482925/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/482932/100/200/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/26132

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-536-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/3544

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/3587

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/0083

Source: secalert@redhat.com

https://bugzilla.mozilla.org/show_bug.cgi?id=381146

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/37287

Source: secalert@redhat.com

https://issues.rpath.com/browse/RPL-1858

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443

Source: secalert@redhat.com

https://usn.ubuntu.com/535-1/

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742