CVE-2007-5274

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	*
Opera_browser	Opera	*	*
Extras for RHEL 3	RedHat	java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3	*
Extras for RHEL 4	RedHat	java-1.5.0-sun-0:1.5.0.13-1jpp.1.el4	*
Extras for RHEL 4	RedHat	java-1.5.0-ibm-1:1.5.0.6-1jpp.2.el4	*
Extras for RHEL 4	RedHat	java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4	*
Supplementary for Red Hat Enterprise Linux 5	RedHat	java-1.5.0-sun-0:1.5.0.13-1jpp.1.el5	*
Supplementary for Red Hat Enterprise Linux 5	RedHat	java-1.5.0-ibm-1:1.5.0.6-1jpp.1.el5	*
Supplementary for Red Hat Enterprise Linux 5	RedHat	java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el5	*
Sun-java5	Ubuntu	dapper	*
Sun-java5	Ubuntu	edgy	*
Sun-java5	Ubuntu	feisty	*
Sun-java5	Ubuntu	gutsy	*
Sun-java5	Ubuntu	hardy	*
Sun-java5	Ubuntu	intrepid	*
Sun-java5	Ubuntu	jaunty	*
Sun-java5	Ubuntu	upstream	*
Sun-java6	Ubuntu	devel	*
Sun-java6	Ubuntu	feisty	*
Sun-java6	Ubuntu	gutsy	*
Sun-java6	Ubuntu	hardy	*
Sun-java6	Ubuntu	intrepid	*
Sun-java6	Ubuntu	jaunty	*
Sun-java6	Ubuntu	karmic	*
Sun-java6	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-5274
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References