FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-0800

This CVE name corresponds to:

Entered Topic
2007-02-24 mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-0800
Phase Assigned (20070207)

Description

Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.

References

Source Reference
BUGTRAQ 20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops
BUGTRAQ 20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops
BUGTRAQ 20070226 rPSA-2007-0040-1 firefox
BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird
FULLDISC 20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops
FULLDISC 20070205 Re: Firefox + popup blocker + XMLHttpRequest + srand() = oops
CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
CONFIRM https://issues.rpath.com/browse/RPL-1081
CONFIRM https://issues.rpath.com/browse/RPL-1103
FEDORA FEDORA-2007-281
FEDORA FEDORA-2007-293
GENTOO GLSA-200703-04
GENTOO GLSA-200703-08
HP HPSBUX02153
HP SSRT061181
MANDRIVA MDKSA-2007:050
REDHAT RHSA-2007:0079
REDHAT RHSA-2007:0077
REDHAT RHSA-2007:0078
REDHAT RHSA-2007:0097
REDHAT RHSA-2007:0108
SGI 20070301-01-P
SGI 20070202-01-P
SLACKWARE SSA:2007-066-05
SUSE SUSE-SA:2007:019
SUSE SUSE-SA:2007:022
UBUNTU USN-428-1
BID 22396
BID 22694
OVAL oval:org.mitre.oval:def:10654
VUPEN ADV-2007-0718
VUPEN ADV-2008-0083
OSVDB 32108
SECTRACK 1017702
SECUNIA 24238
SECUNIA 24287
SECUNIA 24290
SECUNIA 24205
SECUNIA 24328
SECUNIA 24333
SECUNIA 24343
SECUNIA 24320
SECUNIA 24293
SECUNIA 24393
SECUNIA 24395
SECUNIA 24384
SECUNIA 24437
SECUNIA 24650
SECUNIA 24457
SECUNIA 24342
XF firefox-popup-security-bypass(32194)