Red Hat Bugzilla – Bug 229253
CVE-2007-0981: seamonkey cookie setting / same-domain bypass vulnerability
Last modified: 2007-11-30 17:11:57 EST
"Mozilla based browsers allows remote attackers to bypass the same origin
policy, steal cookies, and conduct other attacks by writing a URI with a null
byte to the hostname (location.hostname) DOM property, due to interactions with
DNS resolver code."
Seamonkey seems vulnerable. See also
The SeaMonkey version in Fedora Extras 6 is 1.0.8.
SeaMonkey 1.0.8 is based on Mozilla technology version 220.127.116.11.
The underlying bug at mozilla.org has been marked as fixed and verified 18.104.22.168
So I conclude this bug has been fixed in seamonkey-1.0.8-0.6.2.fc6 since 2007-03-01.
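
The mismatch the CVE description above points at, as an added example that is not part of this bug report or of Mozilla's code: a domain check that reads the full hostname string while a NUL-terminated API reads only the part before the null byte, next to a validator that refuses such hostnames. All function names and sample hostnames are constructed. That the resolver side truncates at the NUL is an assumption about C-string APIs, not a detail stated on this page.

```javascript
// Added example; every name and sample value below is constructed.

// What a NUL-terminated C API (for example a resolver call) receives:
// everything up to the first NUL byte. Assumed behaviour, see lead-in.
function cStringView(host) {
  const nul = host.indexOf("\0");
  return nul === -1 ? host : host.slice(0, nul);
}

// Suffix-based "same domain" decision made on the full script-visible string.
function domainMatches(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Strict syntax check: letter/digit/hyphen labels only, 1-63 chars each,
// 253 chars overall. Rejects NUL, other control bytes, and empty labels.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;
function isValidHostname(host) {
  if (typeof host !== "string" || host.length === 0 || host.length > 253) {
    return false;
  }
  return host.split(".").every((label) => LABEL.test(label));
}

// Hardened decision: validate first, then require that the string the
// policy check sees is exactly the string the resolver would see.
function safeDomainMatches(host, domain) {
  if (!isValidHostname(host) || cStringView(host) !== host) return false;
  return domainMatches(host, domain);
}

// Constructed regression inputs (reserved .test/.invalid names).
const SAMPLES = ["www.example.test", "example.test", "other.invalid\0.example.test"];

function report(domain) {
  return SAMPLES.map((host) => ({
    host: JSON.stringify(host),
    policyView: domainMatches(host, domain),
    resolverView: cStringView(host),
    accepted: safeDomainMatches(host, domain),
  }));
}

console.table(report("example.test"));
```

The third row is the regression case: the unvalidated suffix check and the resolver view disagree about which host is named, and the hardened check rejects the input.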