
firefox: multiple vulnerabilities

Package(s): firefox mozilla seamonkey thunderbird
CVE #(s): CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871
Created: June 4, 2007
Updated: August 29, 2007
Description: Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2007-2867, CVE-2007-2868)

A flaw was discovered in the form autocomplete feature. By tricking a user into opening a malicious web page, an attacker could cause a persistent denial of service. (CVE-2007-2869)

Nicolas Derouet discovered flaws in cookie handling. By tricking a user into opening a malicious web page, an attacker could force the browser to consume large quantities of disk or memory while processing long cookie paths. (CVE-2007-1362)

A flaw was discovered in the same-origin policy handling of the addEventListener JavaScript method. A malicious web site could exploit this to modify the contents of other web pages or to steal confidential data (such as passwords) from them. (CVE-2007-2870)

Chris Thomas discovered a flaw in XUL popups. A malicious web site could exploit this to spoof or obscure portions of the browser UI, such as the location bar. (CVE-2007-2871)

Alerts:
Ubuntu USN-469-2 thunderbird 2007-08-29
SuSE SUSE-SA:2007:036 firefox, thunderbird, seamonkey 2007-06-27
Mandriva MDKSA-2007:131 mozilla-thunderbird 2007-06-20
Gentoo 200706-06 mozilla-firefox 2007-06-19
Foresight FLEA-2007-0027-1 thunderbird 2007-06-20
Fedora FEDORA-2007-0544 thunderbird 2007-06-18
Mandriva MDKSA-2007:126-1 mozilla-firefox 2007-06-16
Mandriva MDKSA-2007:126 mozilla-firefox 2007-06-15
Slackware SSA:2007-165-01 thunderbird 2007-06-15
Debian DSA-1308-1 iceweasel 2007-06-14
Mandriva MDKSA-2007:120 mozilla-firefox 2007-06-12
Mandriva MDKSA-2007:119 mozilla-thunderbird 2007-06-12
Debian DSA-1305-1 icedove 2007-06-13
Debian DSA-1306-1 xulrunner 2007-06-12
Debian DSA-1300-1 iceape 2007-06-07
Ubuntu USN-469-1 mozilla-thunderbird 2007-06-05
Slackware SSA:2007-152-02 mozilla 2007-06-04
Ubuntu USN-468-1 firefox 2007-06-01


firefox: multiple vulnerabilities

Posted Jun 14, 2007 3:25 UTC (Thu) by smithj (guest, #38034) [Link] (1 responses)

rPath fixed this issue with http://lwn.net/Alerts/236560/

Foresight Linux fixed the issue with http://lwn.net/Alerts/236557/

I wonder why neither of these were listed?

firefox: multiple vulnerabilities

Posted Jun 14, 2007 20:12 UTC (Thu) by ris (subscriber, #5) [Link]

> rPath fixed this issue with http://lwn.net/Alerts/236560/

> Foresight Linux fixed the issue with http://lwn.net/Alerts/236557/

> I wonder why neither of these were listed?

Because so far we can only assign alerts to one vulnerability report and
those alerts are here http://lwn.net/Vulnerabilities/227549/

firefox: multiple vulnerabilities

Posted Jun 21, 2007 8:47 UTC (Thu) by mjcox@redhat.com (guest, #31775) [Link]

Red Hat issued updates to correct these issues in RHSA-2007:0400 and RHSA-2007:0402 on 2007-05-31


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds