CVE-2007-1084
Published: Feb 23, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
20070223 Re: [Full-disclosure] Firefox bookmark cross-domain surfingvulnerability
mailing-list
x_refsource_BUGTRAQ
20070221 Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability
mailing-list
x_refsource_BUGTRAQ
33803
vdb-entry
x_refsource_OSVDB
http://lcamtuf.coredump.cx/ffbook
x_refsource_MISC
20070221 Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability
mailing-list
x_refsource_BUGTRAQ
2304
third-party-advisory
x_refsource_SREASON
20070221 Firefox bookmark cross-domain surfing vulnerability
mailing-list
x_refsource_BUGTRAQ
http://lcamtuf.coredump.cx/ffbook/
x_refsource_MISC
http://www.heise-security.co.uk/news/85728
x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=371179
x_refsource_CONFIRM
22666
vdb-entry
x_refsource_BID
20070221 Firefox bookmark cross-domain surfing vulnerability
mailing-list
x_refsource_FULLDISC