CVE-2007-0981
Publication date 16 February 2007
Last updated 17 July 2025
Ubuntu priority
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 7.10 gutsy |
Not affected
|
7.04 feisty |
Fixed 2.0.0.6+1-0ubuntu1
|
|
6.10 edgy |
Fixed 2.0.0.6+0dfsg-0ubuntu0.6.10
|
|
6.06 LTS dapper |
Fixed 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
|
|
iceape | 7.10 gutsy |
Fixed 1.1.4-1ubuntu2
|
7.04 feisty | Not in release | |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
lightning-sunbird | 7.10 gutsy |
Fixed 0.5-0ubuntu4
|
7.04 feisty | Not in release | |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
midbrowser | 7.10 gutsy |
Fixed 0.1.6b-0ubuntu2
|
7.04 feisty | Not in release | |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
xulrunner | 7.10 gutsy |
Fixed 1.8.0.10-3ubuntu1
|
7.04 feisty |
Fixed 1.8.0.10-3ubuntu1
|
|
6.10 edgy | Ignored end of life, was needed | |
6.06 LTS dapper | Not in release |