LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

firefox: multiple vulnerabilities

Package(s):firefox CVE #(s):CVE-2007-3844 CVE-2007-3845
Created:August 1, 2007 Updated:February 20, 2008
Description:

A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. (CVE-2007-3844)

Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious web page, an attacker could execute helpers with arbitrary arguments with the user's privileges. (CVE-2007-3845)

Alerts:
Mandriva MDVSA-2007:047 2007-02-19
Fedora FEDORA-2007-3414 2007-11-16
Fedora FEDORA-2007-3431 2007-11-16
Red Hat RHSA-2007:0981-01 2007-10-19
Red Hat RHSA-2007:0980-01 2007-10-19
Red Hat RHSA-2007:0979-01 2007-10-19
Debian DSA-1391-1 2007-10-19
Gentoo 200708-09 2007-08-14
rPath rPSA-2007-0157-1 2007-08-10
Slackware SSA:2007-215-01 2007-08-06
Debian DSA-1346-1 2007-08-04
Debian DSA-1345-1 2007-08-04
Debian DSA-1344-1 2007-08-03
Foresight FLEA-2007-0040-1 2007-08-03
Slackware SSA:2007-213-01 2007-08-02
Mandriva MDKSA-2007:152 2007-08-01
Foresight FLEA-2007-0039-1 2007-08-01
Ubuntu USN-493-1 2007-07-31
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds