CVE-2007-0981
Published: 16 February 2007
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1)
|
| edgy |
Released
(2.0.0.6+0dfsg-0ubuntu0.6.10)
|
|
| feisty |
Released
(2.0.0.6+1-0ubuntu1)
|
|
| gutsy |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
iceape Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| gutsy |
Released
(1.1.4-1ubuntu2)
|
|
| upstream |
Needs triage
|
|
|
lightning-sunbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| gutsy |
Released
(0.5-0ubuntu4)
|
|
| upstream |
Needs triage
|
|
|
midbrowser Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| gutsy |
Released
(0.1.6b-0ubuntu2)
|
|
| upstream |
Needs triage
|
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Ignored
(end of life, was needed)
|
|
| feisty |
Released
(1.8.0.10-3ubuntu1)
|
|
| gutsy |
Released
(1.8.0.10-3ubuntu1)
|
|
| upstream |
Needs triage
|