
CVE-2007-3844

Status Candidate

Overview

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.

Related Files

Mandriva Linux Security Advisory 2007-047
Posted Feb 20, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.9.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-3734, CVE-2007-3735, CVE-2007-3844, CVE-2007-3845, CVE-2007-5339, CVE-2007-5340
SHA-256 | 5c2c7d93049660ffeb7fc427cc6435f6ba3ab42a814acce6c691c62da72b64b2

Debian Linux Security Advisory 1391-1
Posted Oct 22, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1391-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2007-3734, CVE-2007-3735, CVE-2007-3844, CVE-2007-3845, CVE-2007-5339, CVE-2007-5340
SHA-256 | 0fd2dac5b0f1f89683b32b5407978d38835cbcbb2a326d49cd11d7daf010f237

Ubuntu Security Notice 503-1
Posted Aug 27, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 503-1 - Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user's privileges. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious email, an attacker could execute helpers with arbitrary arguments with the user's privileges.

tags | advisory, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2007-3670, CVE-2007-3734, CVE-2007-3735, CVE-2007-3844, CVE-2007-3845
SHA-256 | fdc222ca45585dcaaf986348036154ccceb0b08ece8dd53b72a35eb3a03d01e2

Gentoo Linux Security Advisory 200708-9
Posted Aug 15, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200708-09 - Mozilla developers fixed several bugs, including an issue with modifying XPCNativeWrappers, a problem with event handlers executing elements outside of the document, and a cross-site scripting (XSS) vulnerability. They also fixed a problem with promiscuous IFRAME access and an XULRunner URL spoofing issue with the wyciwyg:// URI and HTTP 302 redirects. Denials of Service involving corrupted memory were fixed in the browser engine and the JavaScript engine. Finally, another XSS vulnerability caused by a regression in the CVE-2007-3089 patch was fixed. Versions less than 2.0.0.6 are affected.

tags | advisory, web, spoof, javascript, xss
systems | linux, gentoo
advisories | CVE-2007-3089, CVE-2007-3656, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738, CVE-2007-3844
SHA-256 | 764eb18f274a13a2519a59558d5e3a6de627854283160fa729985a477c6ca6a8

Debian Linux Security Advisory 1346-1
Posted Aug 8, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1346-1 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitizing of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, windows, debian
advisories | CVE-2007-3844, CVE-2007-3845
SHA-256 | 7d8c2ef6cb498a01f05fe869a389a93bbe3f6cf220732c50f166e318bd3fb9e8

Debian Linux Security Advisory 1345-1
Posted Aug 8, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1345-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitizing of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, windows, debian
advisories | CVE-2007-3844, CVE-2007-3845
SHA-256 | af4abfa3d80e22b8e5beb51323cb93d79d2c92e0fc5a3cf28c6d13338a78cc5c

Debian Linux Security Advisory 1344-1
Posted Aug 8, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1344-1 - "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitizing of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.

tags | advisory, web, arbitrary
systems | linux, windows, debian
advisories | CVE-2007-3844, CVE-2007-3845
SHA-256 | d1fb2f29c2f8e3279dcdeddc998ce07195c774016ac60d19d4fece5890d9bd83

Mandriva Linux Security Advisory 2007.152
Posted Aug 8, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.6.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-3089, CVE-2007-3285, CVE-2007-3656, CVE-2007-3670, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738, CVE-2007-3844, CVE-2007-3845
SHA-256 | 09a93ae755c8850298dff969f0aaed4e9395ebe574184598d2c77a04e5ddd3f8

Ubuntu Security Notice 493-1
Posted Aug 8, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 493-1 - A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious web page, an attacker could execute helpers with arbitrary arguments with the user's privileges.

tags | advisory, web, arbitrary
systems | linux, windows, ubuntu
advisories | CVE-2007-3844, CVE-2007-3845
SHA-256 | 518c2a5ab9906194864d36c0c49e8192666da35048f7075b8cc14b2de8b187f4
© 2022 Packet Storm. All rights reserved.