CVE-2007-1084

Publication date 23 February 2007

Last updated 24 July 2024


Ubuntu priority

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

Read the notes from the security team

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
firefox 11.04 natty
Not affected
10.10 maverick
Not affected
10.04 LTS lucid
Not affected
9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Ignored end of life
7.10 gutsy Ignored end of life, was needed
7.04 feisty Ignored end of life, was needed
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life

Notes


jdstrand

1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1 lists: New security/stability upstream release (v2.0.0.6) - 1.8.0.13 prepatches and mentions many CVEs, but not this one. still not fixed per asac (on any release)