CVE-2007-2871

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.
References
Link Resource
http://www.mozilla.org/security/announce/2007/mfsa2007-17.html Vendor Advisory
https://issues.rpath.com/browse/RPL-1424
http://www.debian.org/security/2007/dsa-1300
http://www.debian.org/security/2007/dsa-1306
http://www.debian.org/security/2007/dsa-1308
http://security.gentoo.org/glsa/glsa-200706-06.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
http://www.redhat.com/support/errata/RHSA-2007-0400.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.ubuntu.com/usn/usn-468-1
http://www.us-cert.gov/cas/techalerts/TA07-151A.html US Government Resource
http://www.securityfocus.com/bid/24242
http://www.securitytracker.com/id?1018155
http://www.securitytracker.com/id?1018156
http://secunia.com/advisories/25476
http://secunia.com/advisories/25533
http://secunia.com/advisories/25559
http://secunia.com/advisories/25635
http://secunia.com/advisories/25647
http://secunia.com/advisories/25685
http://secunia.com/advisories/25534
http://secunia.com/advisories/25469
http://secunia.com/advisories/25488
http://secunia.com/advisories/25490
http://secunia.com/advisories/25491
http://secunia.com/advisories/25750
http://secunia.com/advisories/25858
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://www.vupen.com/english/advisories/2007/1994
http://osvdb.org/35137
https://exchange.xforce.ibmcloud.com/vulnerabilities/34606
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433
http://www.securityfocus.com/archive/1/470172/100/200/threaded
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

Information

Published : 2007-05-31 17:30

Updated : 2018-10-16 09:46


NVD link : CVE-2007-2871

Mitre link : CVE-2007-2871


JSON object : View

Advertisement

dedicated server usa

Products Affected

mozilla

  • firefox
  • seamonkey