Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets cross-site info disclosure
Mike Hommey
mh at glandium.org
Mon Nov 16 08:37:34 UTC 2009
On Mon, Nov 16, 2009 at 09:17:58AM +0100, Josselin Mouette wrote:
> Le samedi 14 novembre 2009 à 20:36 -0500, Michael Gilbert a écrit :
> > The following CVE (Common Vulnerabilities & Exposures) id was
> > published.
> >
> > CVE-2007-1084[0]:
> > | Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
> > | saving bookmarklets, which allows remote attackers to bypass the
> > | same-domain policy by tricking a user into saving a bookmarklet with a
> > | data: scheme, which is executed in the context of the last visited web
> > | page.
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE id in your changelog entry.
>
> What’s a bookmarklet? I don’t even know whether epiphany supports this.
It's javascript code you bookmark and can run on any site. A bit like
greasemonkey, but crossbrowser. It's designed to run in the current
page context, so the security issue here is by design. To alleviate the
broken-by-design part, the CVE says the browser should ask for
confirmation, like everybody reads alerts and make informed decisions.
Haha.
Mike
More information about the pkg-gnome-maintainers
mailing list