all things security
Showing 1 - 9 of 9 RSS Feed

CVE-2007-3844

Status Candidate

Overview

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.

Related Files

Mandriva Linux Security Advisory 2007-047
Posted Feb 20, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.9.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-3734, CVE-2007-3735, CVE-2007-3844, CVE-2007-3845, CVE-2007-5339, CVE-2007-5340
MD5 | 8d8786a73444a4b79488106eb1238ba2
Debian Linux Security Advisory 1391-1
Posted Oct 22, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1391-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2007-3734, CVE-2007-3735, CVE-2007-3844, CVE-2007-3845, CVE-2007-5339, CVE-2007-5340
MD5 | 96c300ce32c8aeaaaff6b0777dace39d
Ubuntu Security Notice 503-1
Posted Aug 27, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 503-1 - Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user's privileges. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious email, an attacker could execute helpers with arbitrary arguments with the user's privileges.

tags | advisory, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2007-3670, CVE-2007-3734, CVE-2007-3735, CVE-2007-3844, CVE-2007-3845
MD5 | 2c06cd51d5fdc140e11897c175c68979
Gentoo Linux Security Advisory 200708-9
Posted Aug 15, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200708-09 - Mozilla developers fixed several bugs, including an issue with modifying XPCNativeWrappers, a problem with event handlers executing elements outside of the document, and a cross-site scripting (XSS) vulnerability. They also fixed a problem with promiscuous IFRAME access and an XULRunner URL spoofing issue with the wyciwyg:// URI and HTTP 302 redirects. Denials of Service involving corrupted memory were fixed in the browser engine and the JavaScript engine. Finally, another XSS vulnerability caused by a regression in the CVE-2007-3089 patch was fixed. Versions less than 2.0.0.6 are affected.

tags | advisory, web, spoof, javascript, xss
systems | linux, gentoo
advisories | CVE-2007-3089, CVE-2007-3656, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738, CVE-2007-3844
MD5 | 644a817d047e617caf2ae4057ff42c67
Debian Linux Security Advisory 1346-1
Posted Aug 8, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1346-1 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitizing of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, windows, debian
advisories | CVE-2007-3844, CVE-2007-3845
MD5 | 169c1a4ce7ca948b6f5c0edb44f93133
Debian Linux Security Advisory 1345-1
Posted Aug 8, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1345-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitizing of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, windows, debian
advisories | CVE-2007-3844, CVE-2007-3845
MD5 | e81402d558540bbe4e4efe53496addb7
Debian Linux Security Advisory 1344-1
Posted Aug 8, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1344-1 - "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitizing of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.

tags | advisory, web, arbitrary
systems | linux, windows, debian
advisories | CVE-2007-3844, CVE-2007-3845
MD5 | 1b6b5a0421d7a7c2b6889a9caf645b64
Mandriva Linux Security Advisory 2007.152
Posted Aug 8, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.6.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-3089, CVE-2007-3285, CVE-2007-3656, CVE-2007-3670, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738, CVE-2007-3844, CVE-2007-3845
MD5 | a0fd2b4a65019d2ea2d16383d6d1de2a
Ubuntu Security Notice 493-1
Posted Aug 8, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 493-1 - A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious web page, an attacker could execute helpers with arbitrary arguments with the user's privileges.

tags | advisory, web, arbitrary
systems | linux, windows, ubuntu
advisories | CVE-2007-3844, CVE-2007-3845
MD5 | f9d508262fd7a81703b35191aaacfa3a
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close