Launchpad CVE tracker

CVE 2007-2383

The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

Related bugs and status

CVE-2007-2383 (Candidate) is related to these bugs:

Bug #438222: package php5-symfony1.0 (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 2 - /var/lib/dpkg/info/php5-symfony1.0.postinst: 7: pear: not found

Summary				In	Importance	Status
	438222	package php5-symfony1.0 (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 2 - /var/lib/dpkg/info/php5-symfony1.0.postinst: 7: pear: not found		symfony (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-2383

References