CVE-2007-2871 Information

Description

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allow remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser’s content pane. NOTE: this issue can be leveraged for phishing and other attacks.

Reference

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://osvdb.org/35137
http://secunia.com/advisories/25469
http://secunia.com/advisories/25476
http://secunia.com/advisories/25488
http://secunia.com/advisories/25490
http://secunia.com/advisories/25491
http://secunia.com/advisories/25533
http://secunia.com/advisories/25534
http://secunia.com/advisories/25559
http://secunia.com/advisories/25635
http://secunia.com/advisories/25647
http://secunia.com/advisories/25685
http://secunia.com/advisories/25750
http://secunia.com/advisories/25858
http://security.gentoo.org/glsa/glsa-200706-06.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
http://www.debian.org/security/2007/dsa-1300
http://www.debian.org/security/2007/dsa-1306
http://www.debian.org/security/2007/dsa-1308
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
http://www.mozilla.org/security/announce/2007/mfsa2007-17.html
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0400.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://www.securityfocus.com/archive/1/470172/100/200/threaded
http://www.securityfocus.com/bid/24242
http://www.securitytracker.com/id?1018155
http://www.securitytracker.com/id?1018156
http://www.ubuntu.com/usn/usn-468-1
http://www.us-cert.gov/cas/techalerts/TA07-151A.html
http://www.vupen.com/english/advisories/2007/1994
https://exchange.xforce.ibmcloud.com/vulnerabilities/34606
https://issues.rpath.com/browse/RPL-1424
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11433
