Launchpad.net

CVE 2007-0800

Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.

See the

CVE page on Mitre.org for more details.

References

BUGTRAQ: 20070205 Re: [Full-dis...
FULLDISC: 20070205 Firefox + pop...
FULLDISC: 20070205 Re: Firefox +...
BID: 22396
CONFIRM: http://www.mozilla.org...
FEDORA: FEDORA-2007-281
REDHAT: RHSA-2007:0079
REDHAT: RHSA-2007:0077
UBUNTU: USN-428-1
BID: 22694
SECTRACK: 1017702
SECUNIA: 24238
SECUNIA: 24287
SECUNIA: 24290
SECUNIA: 24205
SECUNIA: 24328
CONFIRM: https://issues.rpath.c...
FEDORA: FEDORA-2007-293
GENTOO: GLSA-200703-04
REDHAT: RHSA-2007:0078
SECUNIA: 24333
SECUNIA: 24343
SECUNIA: 24320
SECUNIA: 24293
SECUNIA: 24393
CONFIRM: https://issues.rpath.c...
SUSE: SUSE-SA:2007:019
SECUNIA: 24395
SECUNIA: 24384
GENTOO: GLSA-200703-08
REDHAT: RHSA-2007:0097
REDHAT: RHSA-2007:0108
SECUNIA: 24437
SGI: 20070301-01-P
SECUNIA: 24650
SUSE: SUSE-SA:2007:022
OSVDB: 32108
SECUNIA: 24457
SGI: 20070202-01-P
SECUNIA: 24342
MANDRIVA: MDKSA-2007:050
HP: HPSBUX02153
HP: SSRT061181
VUPEN: ADV-2007-0718
VUPEN: ADV-2008-0083
SLACKWARE: SSA:2007-066-05
XF: firefox-popup-security...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070205 Firefox + pop...
BUGTRAQ: 20070226 rPSA-2007-004...
BUGTRAQ: 20070303 rPSA-2007-004...

Launchpad.net

CVE 2007-0800

Related bugs

References