Debian Bug report logs - #556267
xulrunner: CVE-2007-1970 phishing vulnerability

Package: iceweasel; Maintainer for iceweasel is Maintainers of Mozilla-related packages <[email protected]>; Source for iceweasel is src:firefox-esr.

Reported by: Michael Gilbert <[email protected]>

Date: Sun, 15 Nov 2009 06:18:02 UTC

Severity: normal

Tags: fixed-upstream, security

Forwarded to https://bugzilla.mozilla.org/show_bug.cgi?id=527733


Report forwarded to [email protected], Maintainers of Mozilla-related packages <[email protected]>:
Bug#556267; Package xulrunner. (Sun, 15 Nov 2009 06:18:05 GMT)


Acknowledgement sent to Michael Gilbert <[email protected]>:
New Bug report received and forwarded. Copy sent to Maintainers of Mozilla-related packages <[email protected]>. (Sun, 15 Nov 2009 06:18:05 GMT)


Message #5 received at [email protected]:

From: Michael Gilbert <[email protected]>
To: [email protected]
Subject: xulrunner: CVE-2007-1970 phishing vulnerability
Date: Sat, 14 Nov 2009 20:14:46 -0500

Package: xulrunner
Version: 1.9.0.13-0
Severity: serious
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for xulrunner.

CVE-2007-1970[0]:
| Mozilla Firefox does not warn the user about HTTP elements on an HTTPS
| page when the HTTP elements are dynamically created by a delayed
| document.write, which allows remote attackers to supply
| unauthenticated content and conduct phishing attacks.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1970
    http://security-tracker.debian.org/tracker/CVE-2007-1970




Information forwarded to [email protected], Maintainers of Mozilla-related packages <[email protected]>:
Bug#556267; Package xulrunner. (Sun, 15 Nov 2009 06:42:06 GMT)


Acknowledgement sent to Michael Gilbert <[email protected]>:
Extra info received and forwarded to list. Copy sent to Maintainers of Mozilla-related packages <[email protected]>. (Sun, 15 Nov 2009 06:42:06 GMT)


Message #10 received at [email protected]:

From: Michael Gilbert <[email protected]>
To: [email protected], [email protected]
Subject: forwarded
Date: Sat, 14 Nov 2009 20:39:41 -0500

forwarded 556267 https://bugzilla.mozilla.org/show_bug.cgi?id=527733
thanks




Set Bug forwarded-to-address to 'https://bugzilla.mozilla.org/show_bug.cgi?id=527733'. Request was from Michael Gilbert <[email protected]> to [email protected]. (Sun, 15 Nov 2009 06:42:11 GMT)


Severity set to 'normal' from 'serious'. Request was from Moritz Muehlenhoff <[email protected]> to [email protected]. (Thu, 26 Nov 2009 21:33:08 GMT)


Bug reassigned from package 'xulrunner' to 'iceweasel'. Request was from David Prévot <[email protected]> to [email protected]. (Mon, 09 Apr 2012 15:12:23 GMT)


No longer marked as found in versions 1.9.0.13-0. Request was from David Prévot <[email protected]> to [email protected]. (Mon, 09 Apr 2012 15:12:23 GMT)


Added tag(s) fixed-upstream. Request was from [email protected] to [email protected]. (Thu, 22 Feb 2018 17:10:13 GMT)



Debian bug tracking system administrator <[email protected]>. Last modified: Wed May 14 03:02:29 2025; Machine Name: buxtehude
