CVE-2007-5960

Priority
Description
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer
header to the window or frame in which script is running, instead of the
address of the content that initiated the script, which allows remote
attackers to spoof HTTP Referer headers and bypass Referer-based CSRF
protection schemes by setting window.location and using a modal alert
dialog that causes the wrong Referer to be sent.
Package
Upstream:released (2.0.0.10)
More Information

Updated: 2019-03-19 11:44:18 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)