Bug#556267: xulrunner: CVE-2007-1970 phishing vulnerability
Michael Gilbert
michael.s.gilbert at gmail.com
Sun Nov 15 01:14:46 UTC 2009
Package: xulrunner
Version: 1.9.0.13-0
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for xulrunner.
CVE-2007-1970[0]:
| Mozilla Firefox does not warn the user about HTTP elements on an HTTPS
| page when the HTTP elements are dynamically created by a delayed
| document.write, which allows remote attackers to supply
| unauthenticated content and conduct phishing attacks.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1970
http://security-tracker.debian.org/tracker/CVE-2007-1970
More information about the pkg-mozilla-maintainers
mailing list