Unrated severity · NVD Advisory · Published Jul 10, 2007 · Updated Apr 23, 2026
CVE-2007-3656
Description
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.
Affected products
- cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- lcamtuf.coredump.cx/ffcache/ (nvd, Exploit)
- bugzilla.mozilla.org/show_bug.cgi (nvd, Exploit)
- ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt (nvd)
- patches.sgi.com/support/free/security/advisories/20070701-01-P.asc (nvd)
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp (nvd)
- osvdb.org/38028 (nvd)
- secunia.com/advisories/25589 (nvd)
- secunia.com/advisories/25990 (nvd)
- secunia.com/advisories/26072 (nvd)
- secunia.com/advisories/26103 (nvd)
- secunia.com/advisories/26107 (nvd)
- secunia.com/advisories/26149 (nvd)
- secunia.com/advisories/26151 (nvd)
- secunia.com/advisories/26159 (nvd)
- secunia.com/advisories/26179 (nvd)
- secunia.com/advisories/26204 (nvd)
- secunia.com/advisories/26205 (nvd)
- secunia.com/advisories/26211 (nvd)
- secunia.com/advisories/26216 (nvd)
- secunia.com/advisories/26258 (nvd)
- secunia.com/advisories/26271 (nvd)
- secunia.com/advisories/26460 (nvd)
- secunia.com/advisories/28135 (nvd)
- securityreason.com/securityalert/2872 (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html (nvd)
- www.debian.org/security/2007/dsa-1337 (nvd)
- www.debian.org/security/2007/dsa-1338 (nvd)
- www.debian.org/security/2007/dsa-1339 (nvd)
- www.gentoo.org/security/en/glsa/glsa-200708-09.xml (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mozilla.org/security/announce/2007/mfsa2007-24.html (nvd)
- www.novell.com/linux/security/advisories/2007_49_mozilla.html (nvd)
- www.redhat.com/support/errata/RHSA-2007-0722.html (nvd)
- www.redhat.com/support/errata/RHSA-2007-0724.html (nvd)
- www.securityfocus.com/archive/1/473191/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/474226/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/474542/100/0/threaded (nvd)
- www.securityfocus.com/bid/24831 (nvd)
- www.securitytracker.com/id (nvd)
- www.ubuntu.com/usn/usn-490-1 (nvd)
- www.vupen.com/english/advisories/2007/4256 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/35298 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9105 (nvd)