Lucene search
SecurityvulnsSECURITYVULNS:DOC:18262HistoryOct 23, 2007 - 12:00 a.m.
Mozilla Foundation Security Advisory 2007-35
2007-10-2300:00:00
vulners.com
23
Mozilla Foundation Security Advisory 2007-35
Title: XPCNativeWraper pollution using Script object
Impact: Critical
Announced: October 18, 2007
Reporter: moz_bug_r_a4
Products: Firefox, SeaMonkey
Fixed in: Firefox 2.0.0.8
SeaMonkey 1.1.5
Description
Mozilla security researcher moz_bug_r_a4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chromeâsuch as by right-clicking to open a context menuâcan cause attacker-supplied javascript to run with the same privileges as the user. This is similar to MFSA 2007-25 fixed in Firefox 2.0.0.5
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=387881
* CVE-2007-5338
Related
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:20:22
cve
cve
CVE-2007-5338
2007-10-21 20:17:00
prion
prion
Code injection
2007-10-21 20:17:00
ubuntucve
ubuntucve
CVE-2007-5338
2007-10-21 00:00:00
mozilla
mozilla
XPCNativeWraper pollution using Script object â Mozilla
2007-10-18 00:00:00
seebug
seebug
Mozilla Firefox 2.0.0.7åĪäļŠčŋįĻåŪå
Ļæžæī
2007-10-23 00:00:00
nessus
nessus
Debian DSA-1574-1 : icedove - several vulnerabilities
2008-05-13 00:00:00
CentOS 3 / 4 : seamonkey (CESA-2007:0980)
2007-10-25 00:00:00
debian
debian
[SECURITY] [DSA 1574-1] New icedove packages fix several vulnerabilities
2008-05-12 16:09:37
[SECURITY] [DSA 1396-1] New iceweasel packages fix several vulnerabilities
2007-10-27 11:54:56
[SECURITY] [DSA 1392-1] New xulrunner packages fix several vulnerabilities
2007-10-20 11:56:10
osv
osv
icedove - several vulnerabilities
2008-05-12 00:00:00
iceape - several vulnerabilities
2007-11-05 00:00:00
xulrunner - several vulnerabilities
2007-10-20 00:00:00
openvas
openvas
Debian Security Advisory DSA 1574-1 (icedove)
2008-05-27 00:00:00
Gentoo Security Advisory GLSA 200711-14 (firefox seamonkey xulrunner)
2008-09-24 00:00:00
Debian Security Advisory DSA 1401-1 (iceape)
2008-01-17 00:00:00
gentoo
gentoo
Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities
2007-11-12 00:00:00
redhat
redhat
(RHSA-2007:0980) Critical: seamonkey security update
2007-10-19 00:00:00
(RHSA-2007:0979) Critical: firefox security update
2007-10-19 00:00:00
(RHSA-2007:0981) Moderate: thunderbird security update
2007-10-19 00:00:00
centos
centos
seamonkey security update
2007-10-19 22:39:36
seamonkey security update
2007-10-22 02:25:42
thunderbird security update
2007-10-20 18:06:21
oraclelinux
oraclelinux
Critical: firefox security update
2007-10-20 00:00:00
Critical: seamonkey security update
2007-10-20 00:00:00
Moderate: thunderbird security update
2007-10-20 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: thunderbird-2.0.0.9-1.fc8
2007-11-16 00:39:02
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.9-1.fc7
2007-11-16 00:41:37
[SECURITY] Fedora 8 Update: seamonkey-1.1.5-2.fc8
2007-11-06 16:05:16
ubuntu
ubuntu
Thunderbird vulnerabilities
2007-10-23 00:00:00
Firefox vulnerabilities
2007-10-22 00:00:00
securityvulns
securityvulns
Mozilla Firefox /Thunderbird / Seamonkey multiple security vulnerabilities
2007-10-23 00:00:00
suse
suse
remote code execution in MozillaFirefox,mozilla,seamonkey
2007-10-25 18:13:14
Related for SECURITYVULNS:DOC:18262