Lucene search
Mozilla FoundationMFSA2007-17HistoryMay 30, 2007 - 12:00 a.m.
XUL Popup Spoofing — Mozilla
2007-05-3000:00:00
Mozilla Foundation
www.mozilla.org
15
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.179
Percentile
96.3%
Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar.
Affected configurations
Node
mozillafirefoxRange<1.5.0.12
ORmozillafirefoxRange<2.0.0.4
ORmozillaseamonkeyRange<1.0.9
ORmozillaseamonkeyRange<1.1.2
Related
ubuntucve
ubuntucve
CVE-2007-2871
2007-06-01 00:00:00
cvelist
cvelist
CVE-2007-2871
2007-06-01 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2007-17
2007-06-01 00:00:00
Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities
2007-06-05 00:00:00
cve
cve
CVE-2007-2871
2007-06-01 00:30:00
veracode
veracode
Phishing Attack
2020-04-10 00:18:40
prion
prion
Design/Logic Flaw
2007-06-01 00:30:00
nvd
nvd
CVE-2007-2871
2007-06-01 00:30:00
openvas
openvas
Mandriva Update for mozilla-firefox MDKSA-2007:120 (mozilla-firefox)
2009-04-09 00:00:00
Mandriva Update for mozilla-firefox MDKSA-2007:126 (mozilla-firefox)
2009-04-09 00:00:00
Mandriva Update for mozilla-firefox MDKSA-2007:126-1 (mozilla-firefox)
2009-04-09 00:00:00
nessus
nessus
Debian DSA-1300-1 : iceape - several vulnerabilities
2007-06-12 00:00:00
SeaMonkey < 1.0.9 / 1.1.2 Multiple Vulnerabilities
2007-05-31 00:00:00
Ubuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-468-1)
2007-11-10 00:00:00
osv
osv
iceape
2007-06-07 00:00:00
iceweasel - several vulnerabilities
2007-06-14 00:00:00
xulrunner
2007-06-12 00:00:00
oraclelinux
oraclelinux
Critical: thunderbird security update
2007-05-31 00:00:00
Critical: firefox security update
2007-05-31 00:00:00
Critical: seamonkey security update
2007-05-31 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2007-06-01 00:00:00
debian
debian
[SECURITY] [DSA 1308-1] New iceweasel packages fix several vulnerabilities
2007-06-14 17:22:37
[SECURITY] [DSA 1300-1] New iceape packages fix several vulnerabilities
2007-06-07 20:16:43
[SECURITY] [DSA 1306-1] New xulrunner packages fix several vulnerabilities
2007-06-12 15:57:27
fedora
fedora
[SECURITY] Fedora Core 5 Update: thunderbird-1.5.0.12-1.fc5
2007-05-31 13:06:32
[SECURITY] Fedora Core 6 Update: thunderbird-1.5.0.12-1.fc6
2007-05-31 13:03:59
[SECURITY] Fedora Core 6 Update: firefox-1.5.0.12-1.fc6
2007-05-31 13:01:28
redhat
redhat
(RHSA-2007:0401) Critical: thunderbird security update
2007-05-30 00:00:00
(RHSA-2007:0400) Critical: firefox security update
2007-05-30 00:00:00
(RHSA-2007:0402) Critical: seamonkey security update
2007-05-30 00:00:00
centos
centos
thunderbird security update
2007-05-31 21:22:54
devhelp, firefox, yelp security update
2007-05-31 21:22:44
devhelp, seamonkey security update
2007-05-31 21:23:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2007-06-19 00:00:00
suse
suse
remote code execution in mozilla,MozillaFirefox,MozillaThunderbird
2007-06-27 15:10:40
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.179
Percentile
96.3%
Related for MFSA2007-17