Unrated severityNVD Advisory· Published Aug 15, 2007· Updated Jun 16, 2026
CVE-2007-4357
CVE-2007-4357
Description
Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=2.0.0.6
- (no CPE)range: <=2.0.0.6
Patches
Vulnerability mechanics
References
7- my.opera.com/MichalBucko/blog/firefox-2-0-0-5-uri-encoding-allows-phishingnvdExploit
- www.eleytt.com/michal.bucko/Eleytt_PhishAGoGo/bucked2.htmlnvdExploit
- www.securityfocus.com/archive/1/475467/100/100/threadednvd
- www.securityfocus.com/archive/1/475531/100/100/threadednvd
- www.securityfocus.com/archive/1/475651/100/0/threadednvd
- www.securityfocus.com/archive/1/475970/100/0/threadednvd
- www.securityfocus.com/archive/1/476062/100/0/threadednvd
News mentions
0No linked articles in our index yet.