CVE-2007-3827

Publication date 17 July 2007

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

Description

Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window.

Read the notes from the security team

Status

Package Ubuntu Release Status
firefox 9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy
Not affected
7.10 gutsy Ignored end of life, was needed
7.04 feisty Ignored end of life, was needed
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life
iceape 9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Ignored end of life, was needed
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
mozilla 9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty Not in release
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life

Notes

mdeslaur

upstream couldn't reproduce

References

Other references

Access our resources on patching vulnerabilities