ID CVE-2007-3844
Summary Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
References
Vulnerable Configurations
  • Mozilla Firefox 2.0.0.5
    cpe:2.3:a:mozilla:firefox:2.0.0.5
  • Mozilla Seamonkey 1.1.3
    cpe:2.3:a:mozilla:seamonkey:1.1.3
  • Mozilla Thunderbird 2.0.0.5
    cpe:2.3:a:mozilla:thunderbird:2.0.0.5
CVSS
Base: 4.3 (as of 08-08-2007 - 09:27)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
exploit-db via4
description Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability. CVE-2007-3844. Remote exploit for linux platform
id EDB-ID:30439
last seen 2016-02-03
modified 2007-07-31
published 2007-07-31
reporter moz_bug_r_a4
source https://www.exploit-db.com/download/30439/
title Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability
nessus via4
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_2006.NASL
    description The installed version of Firefox allows unescaped URIs to be passed to external programs, which could lead to execution of arbitrary code on the affected host subject to the user's privileges, and could also allow privilege escalation attacks against addons that create 'about:blank' windows and populate them in certain ways.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 25820
    published 2007-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25820
    title Firefox < 2.0.0.6 Multiple Vulnerabilities
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-213-01.NASL
    description New mozilla-firefox packages are available for Slackware 11.0 and 12.0 to fix security issues. Note that Firefox 1.5.x has reached its EOL (end of life) and is no longer being updated by mozilla.com. Users of Firefox 1.5.x are encouraged to upgrade to Firefox 2.x. Since we use the official Firefox binaries, these packages should work equally well on earlier Slackware systems.
    last seen 2019-02-21
    modified 2013-11-27
    plugin id 25831
    published 2007-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25831
    title Slackware 11.0 / 12.0 : firefox (SSA:2007-213-01)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-503-1.NASL
    description Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user's privileges. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3844) Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious email, an attacker could execute helpers with arbitrary arguments with the user's privileges. (CVE-2007-3670, CVE-2007-3845). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28107
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28107
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : mozilla-thunderbird vulnerabilities (USN-503-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1346.NASL
    description Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3844 'moz_bug_r_a4' discovered that a regression in the handling of'about:blank' windows used by addons may lead to an attacker being able to modify the content of websites. - CVE-2007-3845 Jesper Johansson discovered that missing sanitising of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page. The Mozilla products in the oldstable distribution (sarge) are no longer supported with security updates.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25854
    published 2007-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25854
    title Debian DSA-1346-1 : iceape - several vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-493-1.NASL
    description A flaw was discovered in handling of 'about:blank' windows used by addons. A malicious website could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. (CVE-2007-3844) Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious web page, an attacker could execute helpers with arbitrary arguments with the user's privileges. (CVE-2007-3845). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28095
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28095
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-493-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1345.NASL
    description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3844 'moz_bug_r_a4' discovered that a regression in the handling of'about:blank' windows used by addons may lead to an attacker being able to modify the content of websites. - CVE-2007-3845 Jesper Johansson discovered that missing sanitising of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page. The oldstable distribution (sarge) doesn't include xulrunner.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25853
    published 2007-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25853
    title Debian DSA-1345-1 : xulrunner - several vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_2006.NASL
    description The installed version of Mozilla Thunderbird allows unescaped URIs to be passed to external programs, which could lead to execution of arbitrary code, as well as privilege escalation attacks against addons that create 'about:blank' windows and populate them in certain ways.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 25837
    published 2007-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25837
    title Mozilla Thunderbird < 1.5.0.13 / 2.0.0.6 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1344.NASL
    description Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3844 'moz_bug_r_a4' discovered that a regression in the handling of'about:blank' windows used by addons may lead to an attacker being able to modify the content of websites. - CVE-2007-3845 Jesper Johansson discovered that missing sanitising of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page. The Mozilla products in the oldstable distribution (sarge) are no longer supported with security updates.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25852
    published 2007-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25852
    title Debian DSA-1344-1 : iceweasel - several vulnerabilities
  • NASL family Windows
    NASL id SEAMONKEY_114.NASL
    description The installed version of SeaMonkey allows unescaped URIs to be passed to external programs, which could lead to execution of arbitrary code on the affected host subject to the user's privileges, and could also allow privilege escalation attacks against addons that create 'about:blank' windows and populate them in certain ways.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 25842
    published 2007-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25842
    title SeaMonkey < 1.1.4 Multiple Vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-152.NASL
    description A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.6. This update provides the latest Firefox to correct these issues. As well, it provides Firefox 2.0.0.6 for older products.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25836
    published 2007-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25836
    title Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:152)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-4574.NASL
    description This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create 'about:blank' windows and populate them in certain ways (including implicit 'about:blank' document creation through data: or javascript: URLs in a new window). - MFSA 2007-29: Crashes with evidence of memory corruption As part of the Firefox 2.0.0.8 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. - CVE-2007-5339 Browser crashes - CVE-2007-5340 JavaScript engine crashes - MFSA 2007-30 / CVE-2007-1095: onUnload Tailgating Michal Zalewski demonstrated that onUnload event handlers had access to the address of the new page about to be loaded, even if the navigation was triggered from outside the page content such as by using a bookmark, pressing the back button, or typing an address into the location bar. If the bookmark contained sensitive information in the URL the attacking page might be able to take advantage of it. An attacking page would also be able to redirect the user, perhaps to a phishing page that looked like the site the user thought they were about to visit. - MFSA 2007-31 / CVE-2007-2292: Digest authentication request splitting Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a website. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID followed by the injected header data. If the user were connecting through a proxy the attacker could inject headers that a proxy would interpret as two separate requests for different hosts. - MFSA 2007-32 / CVE-2007-3511 / CVE-2006-2894: File input focus stealing vulnerability A user on the Sla.ckers.org forums named hong reported that a file upload control could be filled programmatically by switching page focus to the label before a file upload form control for selected keyboard events. An attacker could use this trick to steal files from the users' computer if the attacker knew the full pathnames to the desired fileis and could create a pretext that would convince the user to type long enough to produce all the necessary characters. - MFSA 2007-33 / CVE-2007-5334: XUL pages can hide the window titlebar Mozilla developer Eli Friedman discovered that web pages written in the XUL markup language (rather than the usual HTML) can hide their window's titlebar. It may have been possible to abuse this ability to create more convincing spoof and phishing pages. - MFSA 2007-34 / CVE-2007-5337: Possible file stealing through sftp protocol On Linux machines with gnome-vfs support the smb: and sftp: URI schemes are available in Firefox. Georgi Guninski showed that if an attacker can store the attack page in a mutually accessible location on the target server (/tmp perhaps) and lure the victim into loading it, the attacker could potentially read any file owned by the victim from known locations on that server. - MFSA 2007-35 / CVE-2007-5338: XPCNativeWraper pollution using Script object Mozilla security researcher moz_bug_r_a4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome--such as by right-clicking to open a context menu--can cause attacker-supplied JavaScript to run with the same privileges as the user. This is similar to MFSA 2007-25 fixed in Firefox 2.0.0.5 Only Windows is affected by : - MFSA 2007-27 / CVE-2007-3845: Unescaped URIs passed to external programs This problem affects Windows only due to their handling of URI launchers. - MFSA 2007-28 / CVE-2006-4965: Code execution via QuickTime Media-link files Linux does not have .lnk files, nor Quicktime. Not affected. - MFSA 2007-36 / CVE-2007-4841 URIs with invalid %-encoding mishandled by Windows This problem does not affected Linux.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27529
    published 2007-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27529
    title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4574)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2795.NASL
    description SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. By leveraging browser flaws, users could be fooled into possibly surrendering sensitive information (CVE-2007-1095, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334). Malformed web content could result in the execution of arbitrary commands (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340). Digest Authentication requests can be used to conduct a response splitting attack (CVE-2007-2292). The sftp protocol handler could be used to view the contents of arbitrary local files (CVE-2007-5337). Users of SeaMonkey are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 27805
    published 2007-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27805
    title Fedora 8 : seamonkey-1.1.5-2.fc8 (2007-2795)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-3431.NASL
    description Updated thunderbird packages that fix several security bugs are now available for Fedora Core 7. This update has been rated as having moderate security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28231
    published 2007-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28231
    title Fedora 7 : thunderbird-2.0.0.9-1.fc7 (2007-3431)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071019_SEAMONKEY_ON_SL4_X.NASL
    description Several flaws were found in the way in which SeaMonkey processed certain malformed web content. A web page containing malicious content could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which SeaMonkey displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the SeaMonkey sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which SeaMonkey generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60269
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60269
    title Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0980.NASL
    description Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way in which SeaMonkey processed certain malformed web content. A web page containing malicious content could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which SeaMonkey displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the SeaMonkey sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which SeaMonkey generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 27541
    published 2007-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27541
    title CentOS 3 / 4 : seamonkey (CESA-2007:0980)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SEAMONKEY-4596.NASL
    description This update fixes several security issues in Mozilla SeaMonkey 1.0.9. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create 'about:blank' windows and populate them in certain ways (including implicit 'about:blank' document creation through data: or javascript: URLs in a new window). - MFSA 2007-29: Crashes with evidence of memory corruption As part of the Firefox 2.0.0.8 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. - CVE-2007-5339 Browser crashes - CVE-2007-5340 JavaScript engine crashes - MFSA 2007-30 / CVE-2007-1095: onUnload Tailgating Michal Zalewski demonstrated that onUnload event handlers had access to the address of the new page about to be loaded, even if the navigation was triggered from outside the page content such as by using a bookmark, pressing the back button, or typing an address into the location bar. If the bookmark contained sensitive information in the URL the attacking page might be able to take advantage of it. An attacking page would also be able to redirect the user, perhaps to a phishing page that looked like the site the user thought they were about to visit. - MFSA 2007-31 / CVE-2007-2292: Digest authentication request splitting Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a website. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID followed by the injected header data. If the user were connecting through a proxy the attacker could inject headers that a proxy would interpret as two separate requests for different hosts. - MFSA 2007-32 / CVE-2007-3511 / CVE-2006-2894: File input focus stealing vulnerability A user on the Sla.ckers.org forums named hong reported that a file upload control could be filled programmatically by switching page focus to the label before a file upload form control for selected keyboard events. An attacker could use this trick to steal files from the users' computer if the attacker knew the full pathnames to the desired fileis and could create a pretext that would convince the user to type long enough to produce all the necessary characters. - MFSA 2007-33 / CVE-2007-5334: XUL pages can hide the window titlebar Mozilla developer Eli Friedman discovered that web pages written in the XUL markup language (rather than the usual HTML) can hide their window's titlebar. It may have been possible to abuse this ability to create more convincing spoof and phishing pages. - MFSA 2007-34 / CVE-2007-5337: Possible file stealing through sftp protocol On Linux machines with gnome-vfs support the smb: and sftp: URI schemes are available in Firefox. Georgi Guninski showed that if an attacker can store the attack page in a mutually accessible location on the target server (/tmp perhaps) and lure the victim into loading it, the attacker could potentially read any file owned by the victim from known locations on that server. - MFSA 2007-35 / CVE-2007-5338: XPCNativeWraper pollution using Script object Mozilla security researcher moz_bug_r_a4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome--such as by right-clicking to open a context menu--can cause attacker-supplied JavaScript to run with the same privileges as the user. This is similar to MFSA 2007-25 fixed in Firefox 2.0.0.5 Only Windows is affected by : - MFSA 2007-27 / CVE-2007-3845: Unescaped URIs passed to external programs This problem affects Windows only due to their handling of URI launchers. - MFSA 2007-28 / CVE-2006-4965: Code execution via QuickTime Media-link files Linux does not have .lnk files, nor Quicktime. Not affected. - MFSA 2007-36 / CVE-2007-4841 URIs with invalid %-encoding mishandled by Windows This problem does not affected Linux.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27581
    published 2007-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27581
    title openSUSE 10 Security Update : seamonkey (seamonkey-4596)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0981.NASL
    description From Red Hat Security Advisory 2007:0981 : Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67593
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67593
    title Oracle Linux 4 : thunderbird (ELSA-2007-0981)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SEAMONKEY-4594.NASL
    description This update fixes several security issues in Mozilla SeaMonkey 1.1.5. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create 'about:blank' windows and populate them in certain ways (including implicit 'about:blank' document creation through data: or javascript: URLs in a new window). - MFSA 2007-29: Crashes with evidence of memory corruption As part of the Firefox 2.0.0.8 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. - CVE-2007-5339 Browser crashes - CVE-2007-5340 JavaScript engine crashes - MFSA 2007-30 / CVE-2007-1095: onUnload Tailgating Michal Zalewski demonstrated that onUnload event handlers had access to the address of the new page about to be loaded, even if the navigation was triggered from outside the page content such as by using a bookmark, pressing the back button, or typing an address into the location bar. If the bookmark contained sensitive information in the URL the attacking page might be able to take advantage of it. An attacking page would also be able to redirect the user, perhaps to a phishing page that looked like the site the user thought they were about to visit. - MFSA 2007-31 / CVE-2007-2292: Digest authentication request splitting Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a website. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID followed by the injected header data. If the user were connecting through a proxy the attacker could inject headers that a proxy would interpret as two separate requests for different hosts. - MFSA 2007-32 / CVE-2007-3511 / CVE-2006-2894: File input focus stealing vulnerability A user on the Sla.ckers.org forums named hong reported that a file upload control could be filled programmatically by switching page focus to the label before a file upload form control for selected keyboard events. An attacker could use this trick to steal files from the users' computer if the attacker knew the full pathnames to the desired fileis and could create a pretext that would convince the user to type long enough to produce all the necessary characters. - MFSA 2007-33 / CVE-2007-5334: XUL pages can hide the window titlebar Mozilla developer Eli Friedman discovered that web pages written in the XUL markup language (rather than the usual HTML) can hide their window's titlebar. It may have been possible to abuse this ability to create more convincing spoof and phishing pages. - MFSA 2007-34 / CVE-2007-5337: Possible file stealing through sftp protocol On Linux machines with gnome-vfs support the smb: and sftp: URI schemes are available in Firefox. Georgi Guninski showed that if an attacker can store the attack page in a mutually accessible location on the target server (/tmp perhaps) and lure the victim into loading it, the attacker could potentially read any file owned by the victim from known locations on that server. - MFSA 2007-35 / CVE-2007-5338: XPCNativeWraper pollution using Script object Mozilla security researcher moz_bug_r_a4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome--such as by right-clicking to open a context menu--can cause attacker-supplied JavaScript to run with the same privileges as the user. This is similar to MFSA 2007-25 fixed in Firefox 2.0.0.5 Only Windows is affected by : - MFSA 2007-27 / CVE-2007-3845: Unescaped URIs passed to external programs This problem affects Windows only due to their handling of URI launchers. - MFSA 2007-28 / CVE-2006-4965: Code execution via QuickTime Media-link files Linux does not have .lnk files, nor Quicktime. Not affected. - MFSA 2007-36 / CVE-2007-4841 URIs with invalid %-encoding mishandled by Windows This problem does not affected Linux.
    last seen 2019-02-21
    modified 2016-12-27
    plugin id 27573
    published 2007-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27573
    title openSUSE 10 Security Update : seamonkey (seamonkey-4594)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-4572.NASL
    description This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create 'about:blank' windows and populate them in certain ways (including implicit 'about:blank' document creation through data: or javascript: URLs in a new window). - MFSA 2007-29: Crashes with evidence of memory corruption As part of the Firefox 2.0.0.8 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. - CVE-2007-5339 Browser crashes - CVE-2007-5340 JavaScript engine crashes - MFSA 2007-30 / CVE-2007-1095: onUnload Tailgating Michal Zalewski demonstrated that onUnload event handlers had access to the address of the new page about to be loaded, even if the navigation was triggered from outside the page content such as by using a bookmark, pressing the back button, or typing an address into the location bar. If the bookmark contained sensitive information in the URL the attacking page might be able to take advantage of it. An attacking page would also be able to redirect the user, perhaps to a phishing page that looked like the site the user thought they were about to visit. - MFSA 2007-31 / CVE-2007-2292: Digest authentication request splitting Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a website. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID followed by the injected header data. If the user were connecting through a proxy the attacker could inject headers that a proxy would interpret as two separate requests for different hosts. - MFSA 2007-32 / CVE-2007-3511 / CVE-2006-2894: File input focus stealing vulnerability A user on the Sla.ckers.org forums named hong reported that a file upload control could be filled programmatically by switching page focus to the label before a file upload form control for selected keyboard events. An attacker could use this trick to steal files from the users' computer if the attacker knew the full pathnames to the desired fileis and could create a pretext that would convince the user to type long enough to produce all the necessary characters. - MFSA 2007-33 / CVE-2007-5334: XUL pages can hide the window titlebar Mozilla developer Eli Friedman discovered that web pages written in the XUL markup language (rather than the usual HTML) can hide their window's titlebar. It may have been possible to abuse this ability to create more convincing spoof and phishing pages. - MFSA 2007-34 / CVE-2007-5337: Possible file stealing through sftp protocol On Linux machines with gnome-vfs support the smb: and sftp: URI schemes are available in Firefox. Georgi Guninski showed that if an attacker can store the attack page in a mutually accessible location on the target server (/tmp perhaps) and lure the victim into loading it, the attacker could potentially read any file owned by the victim from known locations on that server. - MFSA 2007-35 / CVE-2007-5338: XPCNativeWraper pollution using Script object Mozilla security researcher moz_bug_r_a4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome--such as by right-clicking to open a context menu--can cause attacker-supplied JavaScript to run with the same privileges as the user. This is similar to MFSA 2007-25 fixed in Firefox 2.0.0.5 Only Windows is affected by : - MFSA 2007-27 / CVE-2007-3845: Unescaped URIs passed to external programs This problem affects Windows only due to their handling of URI launchers. - MFSA 2007-28 / CVE-2006-4965: Code execution via QuickTime Media-link files Linux does not have .lnk files, nor Quicktime. Not affected. - MFSA 2007-36 / CVE-2007-4841 URIs with invalid %-encoding mishandled by Windows This problem does not affected Linux.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 27528
    published 2007-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27528
    title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4572)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-047.NASL
    description A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.9. This update provides the latest Thunderbird to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37880
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37880
    title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:047)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0979.NASL
    description From Red Hat Security Advisory 2007:0979 : Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Firefox sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Firefox generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) All users of Firefox are advised to upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67591
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67591
    title Oracle Linux 4 / 5 : firefox (ELSA-2007-0979)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2601.NASL
    description SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. By leveraging browser flaws, users could be fooled into possibly surrendering sensitive information (CVE-2007-1095, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334). Malformed web content could result in the execution of arbitrary commands (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340). Digest Authentication requests can be used to conduct a response splitting attack (CVE-2007-2292). The sftp protocol handler could be used to view the contents of arbitrary local files (CVE-2007-5337). Users of SeaMonkey are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 27780
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27780
    title Fedora 7 : seamonkey-1.1.5-1.fc7 (2007-2601)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0981.NASL
    description Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 27570
    published 2007-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27570
    title RHEL 4 / 5 : thunderbird (RHSA-2007:0981)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0980.NASL
    description From Red Hat Security Advisory 2007:0980 : Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way in which SeaMonkey processed certain malformed web content. A web page containing malicious content could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which SeaMonkey displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the SeaMonkey sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which SeaMonkey generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67592
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67592
    title Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0980)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0981.NASL
    description Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 27542
    published 2007-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27542
    title CentOS 4 / 5 : thunderbird (CESA-2007:0981)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0979.NASL
    description Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Firefox sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Firefox generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) All users of Firefox are advised to upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 27568
    published 2007-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27568
    title RHEL 4 / 5 : firefox (RHSA-2007:0979)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0979.NASL
    description Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Firefox sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Firefox generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) All users of Firefox are advised to upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 27540
    published 2007-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27540
    title CentOS 4 / 5 : firefox (CESA-2007:0979)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071019_THUNDERBIRD_ON_SL5_X.NASL
    description Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60270
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60270
    title Scientific Linux Security Update : thunderbird on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1391.NASL
    description Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3734 Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-3735 Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2007-3844 'moz_bug_r_a4' discovered that a regression in the handling of'about:blank' windows used by addons may lead to an attacker being able to modify the content of websites. - CVE-2007-3845 Jesper Johansson discovered that missing sanitising of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page. - CVE-2007-5339 L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay, Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-5340 Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. Generally, enabling JavaScript in Icedove is not recommended. The Mozilla products in the oldstable distribution (sarge) are no longer supported with security updates.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 27546
    published 2007-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27546
    title Debian DSA-1391-1 : icedove - several vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0980.NASL
    description Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way in which SeaMonkey processed certain malformed web content. A web page containing malicious content could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which SeaMonkey displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the SeaMonkey sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which SeaMonkey generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 27569
    published 2007-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27569
    title RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0980)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071019_FIREFOX_ON_SL5_X.NASL
    description Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Firefox sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Firefox generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60268
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60268
    title Scientific Linux Security Update : firefox on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-4570.NASL
    description This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - Privilege escalation through chrome-loaded about:blank windows. (MFSA 2007-26 / CVE-2007-3844) Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create 'about:blank' windows and populate them in certain ways (including implicit 'about:blank' document creation through data: or javascript: URLs in a new window). - Crashes with evidence of memory corruption As part of the Firefox 2.0.0.8 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2007-29) - Browser crashes. (CVE-2007-5339) - JavaScript engine crashes. (CVE-2007-5340) - onUnload Tailgating Michal Zalewski demonstrated that onUnload event handlers had access to the address of the new page about to be loaded, even if the navigation was triggered from outside the page content such as by using a bookmark, pressing the back button, or typing an address into the location bar. If the bookmark contained sensitive information in the URL the attacking page might be able to take advantage of it. An attacking page would also be able to redirect the user, perhaps to a phishing page that looked like the site the user thought they were about to visit. (MFSA 2007-30 / CVE-2007-1095) - Digest authentication request splitting. (MFSA 2007-31 / CVE-2007-2292) Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a website. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID followed by the injected header data. If the user were connecting through a proxy the attacker could inject headers that a proxy would interpret as two separate requests for different hosts. - File input focus stealing vulnerability. (MFSA 2007-32 / CVE-2007-3511 / CVE-2006-2894) A user on the Sla.ckers.org forums named hong reported that a file upload control could be filled programmatically by switching page focus to the label before a file upload form control for selected keyboard events. An attacker could use this trick to steal files from the users' computer if the attacker knew the full pathnames to the desired fileis and could create a pretext that would convince the user to type long enough to produce all the necessary characters. - XUL pages can hide the window titlebar. (MFSA 2007-33 / CVE-2007-5334) Mozilla developer Eli Friedman discovered that web pages written in the XUL markup language (rather than the usual HTML) can hide their window's titlebar. It may have been possible to abuse this ability to create more convincing spoof and phishing pages. - Possible file stealing through sftp protocol. (MFSA 2007-34 / CVE-2007-5337) On Linux machines with gnome-vfs support the smb: and sftp: URI schemes are available in Firefox. Georgi Guninski showed that if an attacker can store the attack page in a mutually accessible location on the target server (/tmp perhaps) and lure the victim into loading it, the attacker could potentially read any file owned by the victim from known locations on that server. - XPCNativeWraper pollution using Script object. (MFSA 2007-35 / CVE-2007-5338) Mozilla security researcher moz_bug_r_a4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome--such as by right-clicking to open a context menu--can cause attacker-supplied JavaScript to run with the same privileges as the user. This is similar to MFSA 2007-25 fixed in Firefox 2.0.0.5 Only Windows is affected by : - Unescaped URIs passed to external programs. (MFSA 2007-27 / CVE-2007-3845) This problem affects Windows only due to their handling of URI launchers. - Code execution via QuickTime Media-link files. (MFSA 2007-28 / CVE-2006-4965) Linux does not have .lnk files, nor Quicktime. Not affected. - URIs with invalid %-encoding mishandled by Windows. (MFSA 2007-36 / CVE-2007-4841) This problem does not affected Linux.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 29362
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29362
    title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 4570)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200708-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-200708-09 (Mozilla products: Multiple vulnerabilities) Mozilla developers fixed several bugs, including an issue with modifying XPCNativeWrappers (CVE-2007-3738), a problem with event handlers executing elements outside of the document (CVE-2007-3737), and a cross-site scripting (XSS) vulnerability (CVE-2007-3736). They also fixed a problem with promiscuous IFRAME access (CVE-2007-3089) and an XULRunner URL spoofing issue with the wyciwyg:// URI and HTTP 302 redirects (CVE-2007-3656). Denials of Service involving corrupted memory were fixed in the browser engine (CVE-2007-3734) and the JavaScript engine (CVE-2007-3735). Finally, another XSS vulnerability caused by a regression in the CVE-2007-3089 patch was fixed (CVE-2007-3844). Impact : A remote attacker could entice a user to view a specially crafted web page that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to perform cross-site scripting attacks, which could result in the exposure of sensitive information such as login credentials. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 25888
    published 2007-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25888
    title GLSA-200708-09 : Mozilla products: Multiple vulnerabilities
oval via4
accepted 2013-04-29T04:19:45.581-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
family unix
id oval:org.mitre.oval:def:9493
status accepted
submitted 2010-07-09T03:56:16-04:00
title Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2007:0979
  • rhsa
    id RHSA-2007:0980
  • rhsa
    id RHSA-2007:0981
rpms
  • firefox-0:1.5.0.12-0.7.el4
  • firefox-0:1.5.0.12-6.el5
  • firefox-devel-0:1.5.0.12-6.el5
  • seamonkey-0:1.0.9-0.5.el3
  • seamonkey-chat-0:1.0.9-0.5.el3
  • seamonkey-devel-0:1.0.9-0.5.el3
  • seamonkey-dom-inspector-0:1.0.9-0.5.el3
  • seamonkey-js-debugger-0:1.0.9-0.5.el3
  • seamonkey-mail-0:1.0.9-0.5.el3
  • seamonkey-nspr-0:1.0.9-0.5.el3
  • seamonkey-nspr-devel-0:1.0.9-0.5.el3
  • seamonkey-nss-0:1.0.9-0.5.el3
  • seamonkey-nss-devel-0:1.0.9-0.5.el3
  • seamonkey-0:1.0.9-6.el4
  • seamonkey-chat-0:1.0.9-6.el4
  • seamonkey-devel-0:1.0.9-6.el4
  • seamonkey-dom-inspector-0:1.0.9-6.el4
  • seamonkey-js-debugger-0:1.0.9-6.el4
  • seamonkey-mail-0:1.0.9-6.el4
  • seamonkey-nspr-0:1.0.9-6.el4
  • seamonkey-nspr-devel-0:1.0.9-6.el4
  • seamonkey-nss-0:1.0.9-6.el4
  • seamonkey-nss-devel-0:1.0.9-6.el4
  • thunderbird-0:1.5.0.12-0.5.el4
  • thunderbird-0:1.5.0.12-5.el5
refmap via4
bid 25142
bugtraq
  • 20070801 FLEA-2007-0039-1 firefox
  • 20070803 FLEA-2007-0040-1 thunderbird
confirm
debian
  • DSA-1344
  • DSA-1345
  • DSA-1346
  • DSA-1391
fedora
  • FEDORA-2007-2601
  • FEDORA-2007-3431
gentoo GLSA-200708-09
hp
  • HPSBUX02153
  • HPSBUX02156
  • SSRT061181
  • SSRT061236
mandriva
  • MDKSA-2007:152
  • MDVSA-2007:047
  • MDVSA-2008:047
sectrack
  • 1018479
  • 1018480
  • 1018481
secunia
  • 26234
  • 26258
  • 26288
  • 26303
  • 26309
  • 26331
  • 26335
  • 26393
  • 26460
  • 26572
  • 27276
  • 27298
  • 27325
  • 27326
  • 27327
  • 27356
  • 27414
  • 27680
  • 28135
  • 28363
slackware SSA:2007-213-01
sunalert
  • 103177
  • 201516
suse SUSE-SA:2007:057
ubuntu
  • USN-493-1
  • USN-503-1
vupen
  • ADV-2007-3587
  • ADV-2007-4256
  • ADV-2008-0082
statements via4
contributor Mark J Cox
lastmodified 2007-08-17
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250648 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.
Last major update 07-03-2011 - 21:57
Published 07-08-2007 - 21:17
Last modified 15-10-2018 - 17:31
Back to Top