CVE-2007-1084
Publication date 23 February 2007
Last updated 24 July 2024
Ubuntu priority
Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 11.04 natty |
Not affected
|
10.10 maverick |
Not affected
|
|
10.04 LTS lucid |
Not affected
|
|
9.10 karmic | Not in release | |
9.04 jaunty | Not in release | |
8.10 intrepid | Not in release | |
8.04 LTS hardy | Ignored end of life | |
7.10 gutsy | Ignored end of life, was needed | |
7.04 feisty | Ignored end of life, was needed | |
6.10 edgy | Ignored end of life, was needed | |
6.06 LTS dapper | Ignored end of life |
Notes
jdstrand
1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1 lists: New security/stability upstream release (v2.0.0.6) - 1.8.0.13 prepatches and mentions many CVEs, but not this one. still not fixed per asac (on any release)