CVE-2007-2870

Publication date 1 June 2007

Last updated 24 July 2024


Ubuntu priority

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.

Status

Package Ubuntu Release Status
firefox 7.04 feisty
Fixed 2.0.0.6+1-0ubuntu1
6.10 edgy
Fixed 2.0.0.6+0dfsg-0ubuntu0.6.10
6.06 LTS dapper
Fixed 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
iceape 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
lightning-sunbird 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
midbrowser 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-468-1
    • Firefox vulnerabilities
    • 1 June 2007

Other references