CVE-2007-1084

Publication date 23 February 2007

Last updated 24 July 2024

Description

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Ignored end of life
	7.10 gutsy	Ignored end of life, was needed
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life

Notes

jdstrand

1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1 lists: New security/stability upstream release (v2.0.0.6) - 1.8.0.13 prepatches and mentions many CVEs, but not this one. still not fixed per asac (on any release)

References

Other references

https://www.cve.org/CVERecord?id=CVE-2007-1084