Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets cross-site info disclosure
Michael Gilbert
michael.s.gilbert at gmail.com
Sun Nov 15 01:36:13 UTC 2009
Package: epiphany-browser
Version: 2.29.1-2
Severity: serious
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published.

CVE-2007-1084[0]:
| Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
| saving bookmarklets, which allows remote attackers to bypass the
| same-domain policy by tricking a user into saving a bookmarklet with a
| data: scheme, which is executed in the context of the last visited web
| page.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1084
http://security-tracker.debian.org/tracker/CVE-2007-1084