Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets cross-site info disclosure
Josselin Mouette
joss at debian.org
Mon Nov 16 08:17:58 UTC 2009
On Saturday 14 November 2009 at 20:36 -0500, Michael Gilbert wrote:
> The following CVE (Common Vulnerabilities & Exposures) id was
> published.
>
> CVE-2007-1084[0]:
> | Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
> | saving bookmarklets, which allows remote attackers to bypass the
> | same-domain policy by tricking a user into saving a bookmarklet with a
> | data: scheme, which is executed in the context of the last visited web
> | page.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
What’s a bookmarklet? I don’t even know whether epiphany supports this.
Cheers,
--
.''`. Josselin Mouette
: :' :
`. `' “I recommend you to learn English in hope that you in
`- future understand things” -- Jörg Schilling