CVE-2007-1084 — Mozilla Firefox vulnerability

CWE-167 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.6%

top 30.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Epiphany-browser

Timeline

PublishedFeb 23

Latest updateMay 1

Description

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDmozilla/firefox2.0.0.1+29

▶debiandebian/epiphany-browser

🔴Vulnerability Details

GHSA

GHSA-3799-mwjc-pmj8: Mozilla Firefox 2↗2022-05-01

▶

OSV

CVE-2007-1084: Mozilla Firefox 2↗2007-02-23

▶

📋Vendor Advisories

Debian

CVE-2007-1084: epiphany-browser - Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmark...↗2007

▶

💬Community

Bugzilla

CVE-2007-5959 Multiple flaws in Firefox↗2007-11-21

▶

Bugzilla

CVE-2007-5947 Mozilla jar: protocol XSS↗2007-11-21

▶

Bugzilla

CVE-2007-5960 Mozilla Cross-site Request Forgery flaw↗2007-11-21

▶