Bug#556268: iceweasel: CVE-2007-1084 bookmarklets cross-site information disclosure
Mike Hommey
mh at glandium.org
Tue Dec 15 13:39:23 UTC 2009
severity 556268 important
thanks
IMHO this is not a serious issue.
On Sat, Nov 14, 2009 at 08:17:57PM -0500, Michael Gilbert wrote:
> Package: iceweasel
> Version: 3.0.6-1
> Severity: serious
> Tags: security
>
> Hi,
>
> The following CVE (Common Vulnerabilities & Exposures) id was
> published for iceweasel.
>
> CVE-2007-1084[0]:
> | Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
> | saving bookmarklets, which allows remote attackers to bypass the
> | same-domain policy by tricking a user into saving a bookmarklet with a
> | data: scheme, which is executed in the context of the last visited web
> | page.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1084
> http://security-tracker.debian.org/tracker/CVE-2007-1084
>
>
>