Unrated severityNVD Advisory· Published Feb 16, 2007· Updated Jun 16, 2026
CVE-2007-0981
CVE-2007-0981
Description
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
55cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 43 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=1.5.0.9
- cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:preview_release:*:*:*:*:*:*:*
- (no CPE)range: <1.5.0.10, <2.0.0.2
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*range: <=1.0.7
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
- (no CPE)range: <1.0.8
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
Patches
Vulnerability mechanics
References
57- lcamtuf.dione.cc/ffhostname.htmlnvdExploit
- rhn.redhat.com/errata/RHSA-2007-0077.htmlnvdVendor Advisory
- secunia.com/advisories/24175nvdVendor Advisory
- secunia.com/advisories/24205nvdVendor Advisory
- secunia.com/advisories/24238nvdVendor Advisory
- secunia.com/advisories/24287nvdVendor Advisory
- secunia.com/advisories/24290nvdVendor Advisory
- secunia.com/advisories/24293nvdVendor Advisory
- secunia.com/advisories/24320nvdVendor Advisory
- secunia.com/advisories/24328nvdVendor Advisory
- secunia.com/advisories/24333nvdVendor Advisory
- secunia.com/advisories/24342nvdVendor Advisory
- secunia.com/advisories/24343nvdVendor Advisory
- secunia.com/advisories/24384nvdVendor Advisory
- secunia.com/advisories/24393nvdVendor Advisory
- secunia.com/advisories/24395nvdVendor Advisory
- secunia.com/advisories/24437nvdVendor Advisory
- secunia.com/advisories/24455nvdVendor Advisory
- secunia.com/advisories/24457nvdVendor Advisory
- secunia.com/advisories/24650nvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2007-0078.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2007-0079.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2007-0097.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2007-0108.htmlnvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdVendor Advisory
- www.kb.cert.org/vuls/id/885753nvdUS Government Resource
- patches.sgi.com/support/free/security/advisories/20070202-01-P.ascnvd
- patches.sgi.com/support/free/security/advisories/20070301-01-P.ascnvd
- fedoranews.org/cms/node/2713nvd
- fedoranews.org/cms/node/2728nvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- lists.suse.com/archive/suse-security-announce/2007-Mar/0001.htmlnvd
- secunia.com/advisories/25588nvd
- security.gentoo.org/glsa/glsa-200703-04.xmlnvd
- securityreason.com/securityalert/2262nvd
- securitytracker.com/idnvd
- slackware.com/security/viewer.phpnvd
- slackware.com/security/viewer.phpnvd
- www.debian.org/security/2007/dsa-1336nvd
- www.gentoo.org/security/en/glsa/glsa-200703-08.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.mozilla.org/security/announce/2007/mfsa2007-07.htmlnvd
- www.novell.com/linux/security/advisories/2007_22_mozilla.htmlnvd
- www.osvdb.org/32104nvd
- www.securityfocus.com/archive/1/460126/100/200/threadednvd
- www.securityfocus.com/archive/1/460217/100/0/threadednvd
- www.securityfocus.com/archive/1/461336/100/0/threadednvd
- www.securityfocus.com/archive/1/461809/100/0/threadednvd
- www.securityfocus.com/bid/22566nvd
- www.ubuntu.com/usn/usn-428-1nvd
- www.vupen.com/english/advisories/2007/0624nvd
- www.vupen.com/english/advisories/2007/0718nvd
- www.vupen.com/english/advisories/2008/0083nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/32533nvd
- issues.rpath.com/browse/RPL-1081nvd
- issues.rpath.com/browse/RPL-1103nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730nvd
News mentions
0No linked articles in our index yet.