CVE-2007-2871

NameCVE-2007-2871
DescriptionMozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1300-1, DSA-1306-1, DSA-1308-1, DTSA-45-1, DTSA-47-1, DTSA-51-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesourceetch1.0.9-0etch1DSA-1300-1
iceapesourcelenny1.0.10~pre070720-0etch1+lenny1DTSA-47-1
iceapesource(unstable)1.1.2-1low
iceweaselsourceetch2.0.0.4-0etch1DSA-1308-1
iceweaselsourcelenny2.0.0.5-0etch1+lenny1DTSA-45-1
iceweaselsource(unstable)2.0.0.4-1low
xulrunnersourceetch1.8.0.12-0etch1DSA-1306-1
xulrunnersourcelenny1.8.0.13~pre070720-0etch3+lenny1DTSA-51-1
xulrunnersource(unstable)1.8.1.4-1low

Notes

MFSA2007-17
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
Search for package or bug name: Reporting problems