CVE-2007-3656

Name: CVE-2007-3656
Description: Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-1337-1, DSA-1338-1, DSA-1339-1, DTSA-45-1, DTSA-47-1, DTSA-51-1

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| iceape | source | etch | 1.0.10~pre070720-0etch1 | | DSA-1339-1 | |
| iceape | source | lenny | 1.0.10~pre070720-0etch1+lenny1 | | DTSA-47-1 | |
| iceape | source | (unstable) | 1.1.3-1 | high | | |
| iceweasel | source | etch | 2.0.0.5-0etch1 | | DSA-1338-1 | |
| iceweasel | source | lenny | 2.0.0.5-0etch1+lenny1 | | DTSA-45-1 | |
| iceweasel | source | (unstable) | 2.0.0.5-1 | high | | |
| xulrunner | source | etch | 1.8.0.13~pre070720-0etch1 | | DSA-1337-1 | |
| xulrunner | source | lenny | 1.8.0.13~pre070720-0etch3+lenny1 | | DTSA-51-1 | |
| xulrunner | source | (unstable) | 1.8.1.5-1 | high | | |

Notes

MFSA2007-24
