CVE-2007-2871

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allow remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.
References
Link Resource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://osvdb.org/35137
http://secunia.com/advisories/25469
http://secunia.com/advisories/25476
http://secunia.com/advisories/25488
http://secunia.com/advisories/25490
http://secunia.com/advisories/25491
http://secunia.com/advisories/25533
http://secunia.com/advisories/25534
http://secunia.com/advisories/25559
http://secunia.com/advisories/25635
http://secunia.com/advisories/25647
http://secunia.com/advisories/25685
http://secunia.com/advisories/25750
http://secunia.com/advisories/25858
http://security.gentoo.org/glsa/glsa-200706-06.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
http://www.debian.org/security/2007/dsa-1300
http://www.debian.org/security/2007/dsa-1306
http://www.debian.org/security/2007/dsa-1308
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
http://www.mozilla.org/security/announce/2007/mfsa2007-17.html Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0400.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://www.securityfocus.com/archive/1/470172/100/200/threaded
http://www.securityfocus.com/bid/24242
http://www.securitytracker.com/id?1018155
http://www.securitytracker.com/id?1018156
http://www.ubuntu.com/usn/usn-468-1
http://www.us-cert.gov/cas/techalerts/TA07-151A.html US Government Resource
http://www.vupen.com/english/advisories/2007/1994
https://exchange.xforce.ibmcloud.com/vulnerabilities/34606
https://issues.rpath.com/browse/RPL-1424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433
Configurations

Configuration 1

OR cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

History

21 Nov 2024, 00:31

Type Values Removed Values Added
References () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 - () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 -
References () http://osvdb.org/35137 - () http://osvdb.org/35137 -
References () http://secunia.com/advisories/25469 - () http://secunia.com/advisories/25469 -
References () http://secunia.com/advisories/25476 - () http://secunia.com/advisories/25476 -
References () http://secunia.com/advisories/25488 - () http://secunia.com/advisories/25488 -
References () http://secunia.com/advisories/25490 - () http://secunia.com/advisories/25490 -
References () http://secunia.com/advisories/25491 - () http://secunia.com/advisories/25491 -
References () http://secunia.com/advisories/25533 - () http://secunia.com/advisories/25533 -
References () http://secunia.com/advisories/25534 - () http://secunia.com/advisories/25534 -
References () http://secunia.com/advisories/25559 - () http://secunia.com/advisories/25559 -
References () http://secunia.com/advisories/25635 - () http://secunia.com/advisories/25635 -
References () http://secunia.com/advisories/25647 - () http://secunia.com/advisories/25647 -
References () http://secunia.com/advisories/25685 - () http://secunia.com/advisories/25685 -
References () http://secunia.com/advisories/25750 - () http://secunia.com/advisories/25750 -
References () http://secunia.com/advisories/25858 - () http://secunia.com/advisories/25858 -
References () http://security.gentoo.org/glsa/glsa-200706-06.xml - () http://security.gentoo.org/glsa/glsa-200706-06.xml -
References () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 - () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 -
References () http://www.debian.org/security/2007/dsa-1300 - () http://www.debian.org/security/2007/dsa-1300 -
References () http://www.debian.org/security/2007/dsa-1306 - () http://www.debian.org/security/2007/dsa-1306 -
References () http://www.debian.org/security/2007/dsa-1308 - () http://www.debian.org/security/2007/dsa-1308 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:120 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:120 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:126 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:126 -
References () http://www.mozilla.org/security/announce/2007/mfsa2007-17.html - Vendor Advisory () http://www.mozilla.org/security/announce/2007/mfsa2007-17.html - Vendor Advisory
References () http://www.novell.com/linux/security/advisories/2007_36_mozilla.html - () http://www.novell.com/linux/security/advisories/2007_36_mozilla.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0400.html - () http://www.redhat.com/support/errata/RHSA-2007-0400.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0401.html - () http://www.redhat.com/support/errata/RHSA-2007-0401.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0402.html - () http://www.redhat.com/support/errata/RHSA-2007-0402.html -
References () http://www.securityfocus.com/archive/1/470172/100/200/threaded - () http://www.securityfocus.com/archive/1/470172/100/200/threaded -
References () http://www.securityfocus.com/bid/24242 - () http://www.securityfocus.com/bid/24242 -
References () http://www.securitytracker.com/id?1018155 - () http://www.securitytracker.com/id?1018155 -
References () http://www.securitytracker.com/id?1018156 - () http://www.securitytracker.com/id?1018156 -
References () http://www.ubuntu.com/usn/usn-468-1 - () http://www.ubuntu.com/usn/usn-468-1 -
References () http://www.us-cert.gov/cas/techalerts/TA07-151A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA07-151A.html - US Government Resource
References () http://www.vupen.com/english/advisories/2007/1994 - () http://www.vupen.com/english/advisories/2007/1994 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/34606 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/34606 -
References () https://issues.rpath.com/browse/RPL-1424 - () https://issues.rpath.com/browse/RPL-1424 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433 -

Information

Published : 2007-06-01 00:30

Updated : 2024-11-21 00:31


NVD link : CVE-2007-2871

Mitre link : CVE-2007-2871

CVE.ORG link : CVE-2007-2871



Products Affected

mozilla

  • firefox
  • seamonkey