| Name | CVE-2007-0981 |
| Description | Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1336-1 |
| Debian Bugs | 411192 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| iceape | source | (unstable) | 1.0.8-1 | high | ||
| iceweasel | source | (unstable) | 2.0.0.1+dfsg-3 | high | 411192 | |
| mozilla-firefox | source | sarge | 1.0.4-2sarge17 | DSA-1336-1 | ||
| xulrunner | source | (unstable) | 1.8.0.10-1 | high |
MFSA-2007-07
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)