Unrated severityNVD Advisory· Published Jul 10, 2007· Updated Jun 16, 2026
CVE-2007-3656
CVE-2007-3656
Description
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
35cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*+ 31 more
- cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*
- (no CPE)range: <1.8.0.13, >=1.8.1.0 <1.8.1.5
- osv-coords3 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 2 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
- (no CPE)range: < 91.1.1-1.1
Patches
Vulnerability mechanics
References
45- lcamtuf.coredump.cx/ffcache/nvdExploit
- bugzilla.mozilla.org/show_bug.cginvdExploit
- ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txtnvd
- patches.sgi.com/support/free/security/advisories/20070701-01-P.ascnvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- osvdb.org/38028nvd
- secunia.com/advisories/25589nvd
- secunia.com/advisories/25990nvd
- secunia.com/advisories/26072nvd
- secunia.com/advisories/26103nvd
- secunia.com/advisories/26107nvd
- secunia.com/advisories/26149nvd
- secunia.com/advisories/26151nvd
- secunia.com/advisories/26159nvd
- secunia.com/advisories/26179nvd
- secunia.com/advisories/26204nvd
- secunia.com/advisories/26205nvd
- secunia.com/advisories/26211nvd
- secunia.com/advisories/26216nvd
- secunia.com/advisories/26258nvd
- secunia.com/advisories/26271nvd
- secunia.com/advisories/26460nvd
- secunia.com/advisories/28135nvd
- securityreason.com/securityalert/2872nvd
- sunsolve.sun.com/search/document.donvd
- sunsolve.sun.com/search/document.donvd
- support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.htmlnvd
- www.debian.org/security/2007/dsa-1337nvd
- www.debian.org/security/2007/dsa-1338nvd
- www.debian.org/security/2007/dsa-1339nvd
- www.gentoo.org/security/en/glsa/glsa-200708-09.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.mozilla.org/security/announce/2007/mfsa2007-24.htmlnvd
- www.novell.com/linux/security/advisories/2007_49_mozilla.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0722.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0724.htmlnvd
- www.securityfocus.com/archive/1/473191/100/0/threadednvd
- www.securityfocus.com/archive/1/474226/100/0/threadednvd
- www.securityfocus.com/archive/1/474542/100/0/threadednvd
- www.securityfocus.com/bid/24831nvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-490-1nvd
- www.vupen.com/english/advisories/2007/4256nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/35298nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9105nvd
News mentions
0No linked articles in our index yet.