Vulnerability-Lookup

CVE-2007-0800 (GCVE-0-2007-0800)

Vulnerability from cvelistv5 – Published: 2007-02-07 11:00 – Updated: 2024-08-07 12:34

Summary

Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

51 references

URL	Tags
http://www.redhat.com/support/errata/RHSA-2007-00…	vendor-advisoryx_refsource_REDHAT
http://www.mozilla.org/security/announce/2007/mfs…	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://secunia.com/advisories/24395	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/461336/100…	mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/24328	third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-01…	vendor-advisoryx_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200703-04.xml	vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/bid/22396	vdb-entryx_refsource_BID
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.gentoo.org/security/en/glsa/glsa-20070…	vendor-advisoryx_refsource_GENTOO
http://secunia.com/advisories/24384	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/24457	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/24343	third-party-advisoryx_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2007/0718	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/24650	third-party-advisoryx_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-428-1	vendor-advisoryx_refsource_UBUNTU
http://secunia.com/advisories/24320	third-party-advisoryx_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1103	x_refsource_CONFIRM
http://lists.suse.com/archive/suse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.vupen.com/english/advisories/2008/0083	vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/archive/1/461809/100…	mailing-listx_refsource_BUGTRAQ
http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/24293	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/24238	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/24393	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/24342	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/24287	third-party-advisoryx_refsource_SECUNIA
http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/bid/22694	vdb-entryx_refsource_BID
http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
http://www.osvdb.org/32108	vdb-entryx_refsource_OSVDB
http://fedoranews.org/cms/node/2713	vendor-advisoryx_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2007-00…	vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id?1017702	vdb-entryx_refsource_SECTRACK
http://fedoranews.org/cms/node/2728	vendor-advisoryx_refsource_FEDORA
ftp://patches.sgi.com/support/free/security/advis…	vendor-advisoryx_refsource_SGI
http://secunia.com/advisories/24205	third-party-advisoryx_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1081	x_refsource_CONFIRM
http://secunia.com/advisories/24333	third-party-advisoryx_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://secunia.com/advisories/24290	third-party-advisoryx_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2007-0077.html	vendor-advisoryx_refsource_REDHAT
ftp://patches.sgi.com/support/free/security/advis…	vendor-advisoryx_refsource_SGI
http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
http://www.redhat.com/support/errata/RHSA-2007-00…	vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/archive/1/459163/100…	mailing-listx_refsource_BUGTRAQ
http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/archive/1/459162/100…	mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/24437	third-party-advisoryx_refsource_SECUNIA

Date Public

2007-02-05 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:34:20.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2007:0078",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-05.html"
          },
          {
            "name": "firefox-popup-security-bypass(32194)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32194"
          },
          {
            "name": "24395",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24395"
          },
          {
            "name": "20070226 rPSA-2007-0040-1 firefox",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
          },
          {
            "name": "24328",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24328"
          },
          {
            "name": "RHSA-2007:0108",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
          },
          {
            "name": "GLSA-200703-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"
          },
          {
            "name": "22396",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22396"
          },
          {
            "name": "oval:org.mitre.oval:def:10654",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10654"
          },
          {
            "name": "GLSA-200703-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
          },
          {
            "name": "24384",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24384"
          },
          {
            "name": "24457",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24457"
          },
          {
            "name": "24343",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24343"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "ADV-2007-0718",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0718"
          },
          {
            "name": "24650",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24650"
          },
          {
            "name": "USN-428-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-428-1"
          },
          {
            "name": "24320",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24320"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1103"
          },
          {
            "name": "SUSE-SA:2007:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
          },
          {
            "name": "ADV-2008-0083",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0083"
          },
          {
            "name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
          },
          {
            "name": "SUSE-SA:2007:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
          },
          {
            "name": "24293",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24293"
          },
          {
            "name": "24238",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24238"
          },
          {
            "name": "24393",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24393"
          },
          {
            "name": "24342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24342"
          },
          {
            "name": "24287",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24287"
          },
          {
            "name": "20070205 Re: Firefox + popup blocker + XMLHttpRequest + srand() = oops",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html"
          },
          {
            "name": "22694",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22694"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "32108",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/32108"
          },
          {
            "name": "FEDORA-2007-281",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/cms/node/2713"
          },
          {
            "name": "RHSA-2007:0097",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
          },
          {
            "name": "1017702",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017702"
          },
          {
            "name": "FEDORA-2007-293",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/cms/node/2728"
          },
          {
            "name": "20070301-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
          },
          {
            "name": "24205",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24205"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1081"
          },
          {
            "name": "24333",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24333"
          },
          {
            "name": "MDKSA-2007:050",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
          },
          {
            "name": "24290",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24290"
          },
          {
            "name": "RHSA-2007:0077",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
          },
          {
            "name": "20070202-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
          },
          {
            "name": "SSA:2007-066-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
          },
          {
            "name": "RHSA-2007:0079",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
          },
          {
            "name": "20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/459163/100/0/threaded"
          },
          {
            "name": "20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html"
          },
          {
            "name": "20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/459162/100/0/threaded"
          },
          {
            "name": "24437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24437"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2007:0078",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-05.html"
        },
        {
          "name": "firefox-popup-security-bypass(32194)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32194"
        },
        {
          "name": "24395",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24395"
        },
        {
          "name": "20070226 rPSA-2007-0040-1 firefox",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
        },
        {
          "name": "24328",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24328"
        },
        {
          "name": "RHSA-2007:0108",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
        },
        {
          "name": "GLSA-200703-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"
        },
        {
          "name": "22396",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22396"
        },
        {
          "name": "oval:org.mitre.oval:def:10654",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10654"
        },
        {
          "name": "GLSA-200703-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
        },
        {
          "name": "24384",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24384"
        },
        {
          "name": "24457",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24457"
        },
        {
          "name": "24343",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24343"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "ADV-2007-0718",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0718"
        },
        {
          "name": "24650",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24650"
        },
        {
          "name": "USN-428-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-428-1"
        },
        {
          "name": "24320",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24320"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1103"
        },
        {
          "name": "SUSE-SA:2007:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
        },
        {
          "name": "ADV-2008-0083",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0083"
        },
        {
          "name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
        },
        {
          "name": "SUSE-SA:2007:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
        },
        {
          "name": "24293",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24293"
        },
        {
          "name": "24238",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24238"
        },
        {
          "name": "24393",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24393"
        },
        {
          "name": "24342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24342"
        },
        {
          "name": "24287",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24287"
        },
        {
          "name": "20070205 Re: Firefox + popup blocker + XMLHttpRequest + srand() = oops",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html"
        },
        {
          "name": "22694",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22694"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "32108",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/32108"
        },
        {
          "name": "FEDORA-2007-281",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/cms/node/2713"
        },
        {
          "name": "RHSA-2007:0097",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
        },
        {
          "name": "1017702",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017702"
        },
        {
          "name": "FEDORA-2007-293",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/cms/node/2728"
        },
        {
          "name": "20070301-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
        },
        {
          "name": "24205",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24205"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1081"
        },
        {
          "name": "24333",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24333"
        },
        {
          "name": "MDKSA-2007:050",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
        },
        {
          "name": "24290",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24290"
        },
        {
          "name": "RHSA-2007:0077",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
        },
        {
          "name": "20070202-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
        },
        {
          "name": "SSA:2007-066-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
        },
        {
          "name": "RHSA-2007:0079",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
        },
        {
          "name": "20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/459163/100/0/threaded"
        },
        {
          "name": "20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html"
        },
        {
          "name": "20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/459162/100/0/threaded"
        },
        {
          "name": "24437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24437"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0800",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2007:0078",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-05.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-05.html"
            },
            {
              "name": "firefox-popup-security-bypass(32194)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32194"
            },
            {
              "name": "24395",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24395"
            },
            {
              "name": "20070226 rPSA-2007-0040-1 firefox",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
            },
            {
              "name": "24328",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24328"
            },
            {
              "name": "RHSA-2007:0108",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
            },
            {
              "name": "GLSA-200703-04",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"
            },
            {
              "name": "22396",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22396"
            },
            {
              "name": "oval:org.mitre.oval:def:10654",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10654"
            },
            {
              "name": "GLSA-200703-08",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
            },
            {
              "name": "24384",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24384"
            },
            {
              "name": "24457",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24457"
            },
            {
              "name": "24343",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24343"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "ADV-2007-0718",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0718"
            },
            {
              "name": "24650",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24650"
            },
            {
              "name": "USN-428-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-428-1"
            },
            {
              "name": "24320",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24320"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1103",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1103"
            },
            {
              "name": "SUSE-SA:2007:019",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
            },
            {
              "name": "ADV-2008-0083",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0083"
            },
            {
              "name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
            },
            {
              "name": "SUSE-SA:2007:022",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
            },
            {
              "name": "24293",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24293"
            },
            {
              "name": "24238",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24238"
            },
            {
              "name": "24393",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24393"
            },
            {
              "name": "24342",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24342"
            },
            {
              "name": "24287",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24287"
            },
            {
              "name": "20070205 Re: Firefox + popup blocker + XMLHttpRequest + srand() = oops",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html"
            },
            {
              "name": "22694",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22694"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "32108",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/32108"
            },
            {
              "name": "FEDORA-2007-281",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/cms/node/2713"
            },
            {
              "name": "RHSA-2007:0097",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
            },
            {
              "name": "1017702",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017702"
            },
            {
              "name": "FEDORA-2007-293",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/cms/node/2728"
            },
            {
              "name": "20070301-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
            },
            {
              "name": "24205",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24205"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1081",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1081"
            },
            {
              "name": "24333",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24333"
            },
            {
              "name": "MDKSA-2007:050",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
            },
            {
              "name": "24290",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24290"
            },
            {
              "name": "RHSA-2007:0077",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
            },
            {
              "name": "20070202-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
            },
            {
              "name": "SSA:2007-066-05",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
            },
            {
              "name": "RHSA-2007:0079",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
            },
            {
              "name": "20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/459163/100/0/threaded"
            },
            {
              "name": "20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html"
            },
            {
              "name": "20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/459162/100/0/threaded"
            },
            {
              "name": "24437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24437"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0800",
    "datePublished": "2007-02-07T11:00:00.000Z",
    "dateReserved": "2007-02-07T00:00:00.000Z",
    "dateUpdated": "2024-08-07T12:34:20.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2007-0800",
      "date": "2026-05-29",
      "epss": "0.04655",
      "percentile": "0.89474"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0800\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-02-07T11:28:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de cruce de sitios en Mozilla Firefox 1.5.0.9 considera que las ventanas emergentes bloqueadas tienen un origen de zona interno, lo cual permite a usuarios remotos con la complicidad del usuario cruzar restricciones de zona y leer URIs tipo \\\"file://\\\"  de su elecci\u00f3n convenciendo al usuario de que muestre una ventana emergente bloqueada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A524A94E-F19B-42B9-AA8E-171751C339AA\"}]}]}],\"references\":[{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://fedoranews.org/cms/node/2713\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://fedoranews.org/cms/node/2728\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2007-0077.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24205\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24238\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24287\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24290\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24293\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24320\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24328\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24333\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24342\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24343\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24384\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24393\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24395\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24437\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24457\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24650\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200703-04.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:050\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mozilla.org/security/announce/2007/mfsa2007-05.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_22_mozilla.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/32108\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0078.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0079.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0097.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0108.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/459162/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/459163/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/461336/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/461809/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22396\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/22694\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1017702\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-428-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0718\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0083\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/32194\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1081\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1103\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10654\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://fedoranews.org/cms/node/2713\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://fedoranews.org/cms/node/2728\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2007-0077.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24205\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24287\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24293\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24328\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24333\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24342\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24343\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24384\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24395\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24437\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24650\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200703-04.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mozilla.org/security/announce/2007/mfsa2007-05.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_22_mozilla.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/32108\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0078.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0079.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0097.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0108.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/459162/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/459163/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/461336/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/461809/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/22396\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/22694\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1017702\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-428-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0718\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0083\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/32194\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1081\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10654\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2007:0108

Vulnerability from csaf_redhat - Published: 2007-03-14 00:24 - Updated: 2025-11-21 17:31

Summary

Red Hat Security Advisory: thunderbird security update

Severity

Critical

Notes

Topic: Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML mail message could execute JavaScript code in such a way that may result in Thunderbird crashing or executing arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-0775, CVE-2007-0777) Several cross-site scripting (XSS) flaws were found in the way Thunderbird processed certain malformed HTML mail messages. A malicious HTML mail message could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way Thunderbird processed text/enhanced and text/richtext formatted mail message. A specially crafted mail message could execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2007-1282) A flaw was found in the way Thunderbird cached web content on the local disk. A malicious HTML mail message may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way Thunderbird displayed certain web content. A malicious HTML mail message could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way Thunderbird displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running Thunderbird. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way Thunderbird handled the "location.hostname" value during certain browser domain checks. This flaw could allow a malicious HTML mail message to set domain cookies for an arbitrary site, or possibly perform an XSS attack. (CVE-2007-0981) Users of Thunderbird are advised to apply this update, which contains Thunderbird version 1.5.0.10 that corrects these issues.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2006-6077

The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-0008

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-0009

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-0775

Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix

Threats

Impact Critical

CVE-2007-0777

The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix

Threats

Impact Critical

CVE-2007-0778

The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-0779

GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-0780

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-0800

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-0981

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-0995

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-0996

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-1282

Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.src	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64	—	Vendor Fix fix

Threats

Impact Critical

References

55 references

URL	Category
https://access.redhat.com/errata/RHSA-2007:0108	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=230562	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2006-6077	self
https://bugzilla.redhat.com/show_bug.cgi?id=1618236	external
https://www.cve.org/CVERecord?id=CVE-2006-6077	external
https://nvd.nist.gov/vuln/detail/CVE-2006-6077	external
https://access.redhat.com/security/cve/CVE-2007-0008	self
https://bugzilla.redhat.com/show_bug.cgi?id=565576	external
https://www.cve.org/CVERecord?id=CVE-2007-0008	external
https://nvd.nist.gov/vuln/detail/CVE-2007-0008	external
https://access.redhat.com/security/cve/CVE-2007-0009	self
https://www.cve.org/CVERecord?id=CVE-2007-0009	external
https://nvd.nist.gov/vuln/detail/CVE-2007-0009	external
https://access.redhat.com/security/cve/CVE-2007-0775	self
https://bugzilla.redhat.com/show_bug.cgi?id=1618273	external
https://www.cve.org/CVERecord?id=CVE-2007-0775	external
https://nvd.nist.gov/vuln/detail/CVE-2007-0775	external
https://access.redhat.com/security/cve/CVE-2007-0777	self
https://bugzilla.redhat.com/show_bug.cgi?id=1618275	external
https://www.cve.org/CVERecord?id=CVE-2007-0777	external
https://nvd.nist.gov/vuln/detail/CVE-2007-0777	external
https://access.redhat.com/security/cve/CVE-2007-0778	self
https://bugzilla.redhat.com/show_bug.cgi?id=1618276	external
https://www.cve.org/CVERecord?id=CVE-2007-0778	external
https://nvd.nist.gov/vuln/detail/CVE-2007-0778	external
https://access.redhat.com/security/cve/CVE-2007-0779	self
https://bugzilla.redhat.com/show_bug.cgi?id=1618277	external
https://www.cve.org/CVERecord?id=CVE-2007-0779	external
https://nvd.nist.gov/vuln/detail/CVE-2007-0779	external
https://access.redhat.com/security/cve/CVE-2007-0780	self
https://bugzilla.redhat.com/show_bug.cgi?id=1618278	external
https://www.cve.org/CVERecord?id=CVE-2007-0780	external
https://nvd.nist.gov/vuln/detail/CVE-2007-0780	external
https://access.redhat.com/security/cve/CVE-2007-0800	self
https://bugzilla.redhat.com/show_bug.cgi?id=1618279	external
https://www.cve.org/CVERecord?id=CVE-2007-0800	external
https://nvd.nist.gov/vuln/detail/CVE-2007-0800	external
https://access.redhat.com/security/cve/CVE-2007-0981	self
https://bugzilla.redhat.com/show_bug.cgi?id=229253	external
https://www.cve.org/CVERecord?id=CVE-2007-0981	external
https://nvd.nist.gov/vuln/detail/CVE-2007-0981	external
https://access.redhat.com/security/cve/CVE-2007-0995	self
https://bugzilla.redhat.com/show_bug.cgi?id=1618287	external
https://www.cve.org/CVERecord?id=CVE-2007-0995	external
https://nvd.nist.gov/vuln/detail/CVE-2007-0995	external
https://access.redhat.com/security/cve/CVE-2007-0996	self
https://bugzilla.redhat.com/show_bug.cgi?id=1618288	external
https://www.cve.org/CVERecord?id=CVE-2007-0996	external
https://nvd.nist.gov/vuln/detail/CVE-2007-0996	external
https://access.redhat.com/security/cve/CVE-2007-1282	self
https://bugzilla.redhat.com/show_bug.cgi?id=1618295	external
https://www.cve.org/CVERecord?id=CVE-2007-1282	external
https://nvd.nist.gov/vuln/detail/CVE-2007-1282	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated thunderbird packages that fix several security bugs are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the way Thunderbird processed certain malformed\nJavaScript code. A malicious HTML mail message could execute JavaScript\ncode in such a way that may result in Thunderbird crashing or executing\narbitrary code as the user running Thunderbird. JavaScript support is\ndisabled by default in Thunderbird; these issues are not exploitable unless\nthe user has enabled JavaScript. (CVE-2007-0775, CVE-2007-0777)\n\nSeveral cross-site scripting (XSS) flaws were found in the way Thunderbird\nprocessed certain malformed HTML mail messages. A malicious HTML mail\nmessage could display misleading information which may result in a user\nunknowingly divulging sensitive information such as a password.\n(CVE-2006-6077, CVE-2007-0995, CVE-2007-0996)\n\nA flaw was found in the way Thunderbird processed text/enhanced and\ntext/richtext formatted mail message. A specially crafted mail message\ncould execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2007-1282)\n\nA flaw was found in the way Thunderbird cached web content on the local\ndisk. A malicious HTML mail message may be able to inject arbitrary HTML\ninto a browsing session if the user reloads a targeted site. (CVE-2007-0778)\n\nA flaw was found in the way Thunderbird displayed certain web content. A\nmalicious HTML mail message could generate content which could overlay user\ninterface elements such as the hostname and security indicators, tricking a\nuser into thinking they are visiting a different site. (CVE-2007-0779)\n\nTwo flaws were found in the way Thunderbird displayed blocked popup\nwindows. If a user can be convinced to open a blocked popup, it is possible\nto read arbitrary local files, or conduct an XSS attack against the user.\n(CVE-2007-0780, CVE-2007-0800)\n\nTwo buffer overflow flaws were found in the Network Security Services (NSS)\ncode for processing the SSLv2 protocol. Connecting to a malicious secure\nweb server could cause the execution of arbitrary code as the user running\nThunderbird. (CVE-2007-0008, CVE-2007-0009)\n\nA flaw was found in the way Thunderbird handled the \"location.hostname\"\nvalue during certain browser domain checks. This flaw could allow a\nmalicious HTML mail message to set domain cookies for an arbitrary site, or\npossibly perform an XSS attack. (CVE-2007-0981)\n\nUsers of Thunderbird are advised to apply this update, which contains\nThunderbird version 1.5.0.10 that corrects these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:0108",
        "url": "https://access.redhat.com/errata/RHSA-2007:0108"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "230562",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=230562"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0108.json"
      }
    ],
    "title": "Red Hat Security Advisory: thunderbird security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:31:20+00:00",
      "generator": {
        "date": "2025-11-21T17:31:20+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2007:0108",
      "initial_release_date": "2007-03-14T00:24:00+00:00",
      "revision_history": [
        {
          "date": "2007-03-14T00:24:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-03-14T11:12:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:31:20+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:1.5.0.10-1.el5.src",
                "product": {
                  "name": "thunderbird-0:1.5.0.10-1.el5.src",
                  "product_id": "thunderbird-0:1.5.0.10-1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@1.5.0.10-1.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:1.5.0.10-1.el5.x86_64",
                "product": {
                  "name": "thunderbird-0:1.5.0.10-1.el5.x86_64",
                  "product_id": "thunderbird-0:1.5.0.10-1.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@1.5.0.10-1.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64",
                "product": {
                  "name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64",
                  "product_id": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@1.5.0.10-1.el5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "thunderbird-0:1.5.0.10-1.el5.i386",
                "product": {
                  "name": "thunderbird-0:1.5.0.10-1.el5.i386",
                  "product_id": "thunderbird-0:1.5.0.10-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird@1.5.0.10-1.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
                "product": {
                  "name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
                  "product_id": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/thunderbird-debuginfo@1.5.0.10-1.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:1.5.0.10-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-0:1.5.0.10-1.el5.i386"
        },
        "product_reference": "thunderbird-0:1.5.0.10-1.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:1.5.0.10-1.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-0:1.5.0.10-1.el5.src"
        },
        "product_reference": "thunderbird-0:1.5.0.10-1.el5.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-0:1.5.0.10-1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64"
        },
        "product_reference": "thunderbird-0:1.5.0.10-1.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386"
        },
        "product_reference": "thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        },
        "product_reference": "thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64",
        "relates_to_product_reference": "5Client"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-6077",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618236"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-6077"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618236",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618236"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-6077",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-6077"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-6077",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-6077"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0008",
      "discovery_date": "2006-12-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "565576"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the \"Master Secret\", which results in a heap-based overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "NSS: SSLv2 protocol buffer overflows",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0008"
        },
        {
          "category": "external",
          "summary": "RHBZ#565576",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565576"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0008"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0008",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0008"
        }
      ],
      "release_date": "2007-02-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "NSS: SSLv2 protocol buffer overflows"
    },
    {
      "cve": "CVE-2007-0009",
      "discovery_date": "2006-12-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "565576"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid \"Client Master Key\" length values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "NSS: SSLv2 protocol buffer overflows",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0009"
        },
        {
          "category": "external",
          "summary": "RHBZ#565576",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565576"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0009"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0009",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0009"
        }
      ],
      "release_date": "2007-02-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "NSS: SSLv2 protocol buffer overflows"
    },
    {
      "cve": "CVE-2007-0775",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618273"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0775"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618273",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618273"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0775",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0775"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0775",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0775"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0777",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618275"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0777"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618275",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618275"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0777",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0777"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0777",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0777"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0778",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618276"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0778"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618276",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618276"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0778",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0778"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0778",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0778"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0779",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618277"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0779"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618277",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618277"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0779",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0779"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0779",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0779"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0780",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618278"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0780"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618278",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618278"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0780",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0780"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0780",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0780"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0800",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618279"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0800"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618279",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618279"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0800"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0981",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "229253"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": ": seamonkey cookie setting / same-domain bypass vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0981"
        },
        {
          "category": "external",
          "summary": "RHBZ#229253",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229253"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0981"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0981",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0981"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": ": seamonkey cookie setting / same-domain bypass vulnerability"
    },
    {
      "cve": "CVE-2007-0995",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618287"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0995"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618287",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618287"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0995",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0995"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0995",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0995"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0996",
      "discovery_date": "2007-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618288"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0996"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618288",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618288"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0996"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0996",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0996"
        }
      ],
      "release_date": "2007-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-1282",
      "discovery_date": "2007-03-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618295"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-0:1.5.0.10-1.el5.src",
          "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
          "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1282"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618295",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618295"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1282"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1282",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1282"
        }
      ],
      "release_date": "2007-03-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-03-14T00:24:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client:thunderbird-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-0:1.5.0.10-1.el5.src",
            "5Client:thunderbird-0:1.5.0.10-1.el5.x86_64",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.i386",
            "5Client:thunderbird-debuginfo-0:1.5.0.10-1.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0108"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-0800 (GCVE-0-2007-0800)

RHSA-2007:0108

Tags

Sightings

Nomenclature