Debian Bug report logs - #556268
iceweasel: CVE-2007-1084 bookmarklets cross-site information disclosure
Report forwarded to debian-bugs-dist@lists.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>: Bug#556268; Package iceweasel. (Sun, 15 Nov 2009 06:21:05 GMT)
Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>: New Bug report received and forwarded. Copy sent to Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>. (Sun, 15 Nov 2009 06:21:05 GMT)
Message #5 received at submit@bugs.debian.org:
Package: iceweasel
Version: 3.0.6-1
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for iceweasel.
CVE-2007-1084[0]:
| Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
| saving bookmarklets, which allows remote attackers to bypass the
| same-domain policy by tricking a user into saving a bookmarklet with a
| data: scheme, which is executed in the context of the last visited web
| page.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1084
http://security-tracker.debian.org/tracker/CVE-2007-1084
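A defender-side check for the condition the CVE text describes, as an added example that is not part of the original bug log or of Mozilla's or Debian's code: it scans a Firefox bookmarks.html export (Netscape bookmark format) for bookmarks saved with a data: URL, and goes slightly beyond the CVE by also flagging javascript: bookmarklets. The function names, the RISKY_SCHEMES set and the sample export are constructed for illustration.

```python
from html.parser import HTMLParser

# data: is the scheme named in CVE-2007-1084; javascript: is the usual bookmarklet form.
RISKY_SCHEMES = {"data", "javascript"}

def scheme_of(url):
    # Text before the first colon, lowercased; "" when the URL has no colon.
    head, sep, _ = url.strip().partition(":")
    return head.lower() if sep else ""

def data_media_type(url):
    # data:[<mediatype>][;base64],<data> with text/plain as the RFC 2397 default
    header = url.split(":", 1)[1].split(",", 1)[0]
    return header.split(";", 1)[0].strip().lower() or "text/plain"

class BookmarkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._title = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # HTMLParser lowercases tag and attribute names
            self._href, self._title = (dict(attrs).get("href") or "").strip(), []

    def handle_data(self, data):
        if self._href is not None:
            self._title.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        scheme = scheme_of(self._href)
        if scheme in RISKY_SCHEMES:
            media = data_media_type(self._href) if scheme == "data" else None
            self.findings.append(("".join(self._title).strip(), scheme, media))
        self._href = None

def audit(bookmarks_html):
    """Return (title, scheme, media_type) for each bookmark that carries script or inline content."""
    parser = BookmarkAudit()
    parser.feed(bookmarks_html)
    parser.close()
    return parser.findings

# Constructed sample export; none of these entries come from the bug report.
SAMPLE = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<DT><A HREF="https://www.debian.org/">Debian</A>
<DT><A HREF="data:text/html,%3Cp%3Ehello%3C%2Fp%3E">Saved snippet</A>
<DT><A HREF="javascript:void(0)">Reader view</A>
<DT><A HREF=" DATA:,note">Plain note</A>"""
```

Calling `audit(SAMPLE)` returns the three non-navigational bookmarks and skips the ordinary https entry; a text/html data: bookmark is the one that matches the CVE description most closely.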
Information forwarded to debian-bugs-dist@lists.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>: Bug#556268; Package iceweasel. (Sun, 15 Nov 2009 06:42:08 GMT)
Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>: Extra info received and forwarded to list. Copy sent to Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>. (Sun, 15 Nov 2009 06:42:08 GMT)
Message #10 received at 556268@bugs.debian.org:
forwarded 556268 https://bugzilla.mozilla.org/post_bug.cgi
thanks
Information forwarded to debian-bugs-dist@lists.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>: Bug#556268; Package iceweasel. (Sun, 15 Nov 2009 06:42:10 GMT)
Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>: Extra info received and forwarded to list. Copy sent to Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>. (Sun, 15 Nov 2009 06:42:10 GMT)
Message #15 received at 556268@bugs.debian.org:
forwarded 556268 https://bugzilla.mozilla.org/show_bug.cgi?id=528772
thanks
Information forwarded to debian-bugs-dist@lists.debian.org, Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>: Bug#556268; Package iceweasel. (Tue, 15 Dec 2009 14:03:06 GMT)
Acknowledgement sent to Mike Hommey <mh@glandium.org>: Extra info received and forwarded to list. Copy sent to Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>. (Tue, 15 Dec 2009 14:03:06 GMT)
Message #26 received at 556268@bugs.debian.org:
severity 556268 important
thanks
IMHO this is not a serious issue.
On Sat, Nov 14, 2009 at 08:17:57PM -0500, Michael Gilbert wrote:
> Package: iceweasel
> Version: 3.0.6-1
> Severity: serious
> Tags: security
>
> Hi,
>
> The following CVE (Common Vulnerabilities & Exposures) id was
> published for iceweasel.
>
> CVE-2007-1084[0]:
> | Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
> | saving bookmarklets, which allows remote attackers to bypass the
> | same-domain policy by tricking a user into saving a bookmarklet with a
> | data: scheme, which is executed in the context of the last visited web
> | page.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1084
> http://security-tracker.debian.org/tracker/CVE-2007-1084
>
>
>
Severity set to 'important' from 'serious'. Request was from Mike Hommey <mh@glandium.org> to control@bugs.debian.org. (Tue, 15 Dec 2009 14:03:08 GMT)
Last modified: Wed Jun 19 16:42:02 2019