CVE-2007-0800
Published: 7 February 2007
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1)
|
edgy |
Released
(2.0.0.6+0dfsg-0ubuntu0.6.10)
|
|
feisty |
Released
(2.0.0.6+1-0ubuntu1)
|
|
gutsy |
Not vulnerable
|
|
upstream |
Needs triage
|
|
iceape Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Released
(1.1.4-1ubuntu2)
|
|
upstream |
Needs triage
|
|
lightning-sunbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Released
(0.5-0ubuntu4)
|
|
upstream |
Needs triage
|
|
midbrowser Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Released
(0.1.6b-0ubuntu2)
|
|
upstream |
Needs triage
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Released
(1.8.0.10-3ubuntu1)
|
|
gutsy |
Released
(1.8.0.10-3ubuntu1)
|
|
upstream |
Needs triage
|