CVE-2007-5337

Name	CVE-2007-5337
Description	Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1392-1, DSA-1396-1, DSA-1401-1, DTSA-69-1, DTSA-80-1

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
iceape	source	etch	1.0.11~pre071022-0etch1	DSA-1401-1
iceape	source	lenny	1.0.11~pre071022-0etch1+lenny1	DTSA-80-1
iceape	source	(unstable)	1.1.5
iceweasel	source	etch	2.0.0.6+2.0.0.8-0etch1	DSA-1396-1
iceweasel	source	(unstable)	2.0.0.8-1
xulrunner	source	etch	1.8.0.14~pre071019b-0etch1	DSA-1392-1
xulrunner	source	lenny	1.8.0.14~pre071019b-0lenny1	DTSA-69-1
xulrunner	source	(unstable)	1.8.1.9-1

Notes

MFSA2007-34