LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

firefox: multiple vulnerabilities

Package(s):firefox mozilla seamonkey thunderbird CVE #(s):CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871
Created:June 4, 2007 Updated:August 29, 2007
Description: Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2007-2867, CVE-2007-2868)

A flaw was discovered in the form autocomplete feature. By tricking a user into opening a malicious web page, an attacker could cause a persistent denial of service. (CVE-2007-2869)

Nicolas Derouet discovered flaws in cookie handling. By tricking a user into opening a malicious web page, an attacker could force the browser to consume large quantities of disk or memory while processing long cookie paths. (CVE-2007-1362)

A flaw was discovered in the same-origin policy handling of the addEventListener JavaScript method. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. (CVE-2007-2870) Chris Thomas discovered a flaw in XUL popups. A malicious web site could exploit this to spoof or obscure portions of the browser UI, such as the location bar. (CVE-2007-2871)

Alerts:
Ubuntu USN-469-2 2007-08-29
SuSE SUSE-SA:2007:036 2007-06-27
Mandriva MDKSA-2007:131 2007-06-20
Gentoo 200706-06 2007-06-19
Foresight FLEA-2007-0027-1 2007-06-20
Fedora FEDORA-2007-0544 2007-06-18
Mandriva MDKSA-2007:126-1 2007-06-16
Mandriva MDKSA-2007:126 2007-06-15
Slackware SSA:2007-165-01 2007-06-15
Debian DSA-1308-1 2007-06-14
Mandriva MDKSA-2007:120 2007-06-12
Mandriva MDKSA-2007:119 2007-06-12
Debian DSA-1305-1 2007-06-13
Debian DSA-1306-1 2007-06-12
Debian DSA-1300-1 2007-06-07
Ubuntu USN-469-1 2007-06-05
Slackware SSA:2007-152-02 2007-06-04
Ubuntu USN-468-1 2007-06-01
(Log in to post comments)

firefox: multiple vulnerabilities

Posted Jun 14, 2007 3:25 UTC (Thu) by smithj (subscriber, #38034) [Link]

rPath fixed this issue with http://lwn.net/Alerts/236560/

Foresight Linux fixed the issue with http://lwn.net/Alerts/236557/

I wonder why neither of these were listed?

firefox: multiple vulnerabilities

Posted Jun 14, 2007 20:12 UTC (Thu) by ris (editor, #5) [Link]

> rPath fixed this issue with http://lwn.net/Alerts/236560/

> Foresight Linux fixed the issue with http://lwn.net/Alerts/236557/

> I wonder why neither of these were listed?

Because so far we can only assign alerts to one vulnerability report and
those alerts are here http://lwn.net/Vulnerabilities/227549/

firefox: multiple vulnerabilities

Posted Jun 21, 2007 8:47 UTC (Thu) by mjcox@redhat.com (guest, #31775) [Link]

Red Hat issued updates to correct these issues in RHSA-2007:0400 and RHSA-2007:0402 on 2007-05-31

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds