what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2007-3089

Status Candidate

Overview

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.

Related Files

Gentoo Linux Security Advisory 200708-9
Posted Aug 15, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200708-09 - Mozilla developers fixed several bugs, including an issue with modifying XPCNativeWrappers, a problem with event handlers executing elements outside of the document, and a cross-site scripting (XSS) vulnerability. They also fixed a problem with promiscuous IFRAME access and an XULRunner URL spoofing issue with the wyciwyg:// URI and HTTP 302 redirects. Denials of Service involving corrupted memory were fixed in the browser engine and the JavaScript engine. Finally, another XSS vulnerability caused by a regression in the CVE-2007-3089 patch was fixed. Versions less than 2.0.0.6 are affected.

tags | advisory, web, spoof, javascript, xss
systems | linux, gentoo
advisories | CVE-2007-3089, CVE-2007-3656, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738, CVE-2007-3844
SHA-256 | 764eb18f274a13a2519a59558d5e3a6de627854283160fa729985a477c6ca6a8
Mandriva Linux Security Advisory 2007.152
Posted Aug 8, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.6.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-3089, CVE-2007-3285, CVE-2007-3656, CVE-2007-3670, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738, CVE-2007-3844, CVE-2007-3845
SHA-256 | 09a93ae755c8850298dff969f0aaed4e9395ebe574184598d2c77a04e5ddd3f8
Debian Linux Security Advisory 1339-1
Posted Jul 24, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1339-1 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2007-3089, CVE-2007-3656, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738
SHA-256 | a8d6d010a984e1a64532f335ce92aa1f236237e0013c73b0916ee5eb051d2d94
Debian Linux Security Advisory 1338-1
Posted Jul 24, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1338-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2007-3089, CVE-2007-3656, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738
SHA-256 | 3600b9279b98dec810d15d280abf91ec402cc43ebdb0bf2a653959295acd25ef
Debian Linux Security Advisory 1337-1
Posted Jul 23, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1337-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. These vulnerabilities range from cross site scripting to arbitrary code execution flaws.

tags | advisory, remote, arbitrary, vulnerability, code execution, xss
systems | linux, debian
advisories | CVE-2007-3089, CVE-2007-3285, CVE-2007-3656, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738
SHA-256 | caf99c2e0f0035b962c0967f4694b48897b5d59cdcb1f4b99a052dd8022a5767
Ubuntu Security Notice 490-1
Posted Jul 20, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 490-1 - A slew of vulnerabilities have been fixed in the Firefox browser. Too many to list, but we suggest upgrading now.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-3089, CVE-2007-3285, CVE-2007-3656, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738
SHA-256 | 4c2895058ecfb4ae1b11af7afd580f2416642597addd5705e9f4d95880f30ea6
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close