CVE-2007-0800

NameCVE-2007-0800
DescriptionCross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesource(unstable)1.0.8-1medium
iceweaselsource(unstable)2.0.0.2+dfsg-1medium
xulrunnersource(unstable)1.8.0.10-1medium

Notes

MFSA-2007-05
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
Search for package or bug name: Reporting problems