229253 – (CVE-2007-0981) CVE-2007-0981: seamonkey cookie setting / same-domain bypass vulnerability

Bug 229253 (CVE-2007-0981) - CVE-2007-0981: seamonkey cookie setting / same-domain bypass vulnerability

Summary: CVE-2007-0981: seamonkey cookie setting / same-domain bypass vulnerability

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2007-0981
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Kai Engert (:kaie) (inactive account)
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-02-19 19:24 UTC by Ville Skyttä
Modified:	2019-09-29 12:19 UTC (History)
CC List:	1 user (show)
Fixed In Version:	seamonkey-1.0.8-0.6.2.fc6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-04-17 23:26:11 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Mozilla Foundation	370445	0	None	None	None	Never

Description Ville Skyttä 2007-02-19 19:24:44 UTC

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0981

"Mozilla based browsers allows remote attackers to bypass the same origin
policy, steal cookies, and conduct other attacks by writing a URI with a null
byte to the hostname (location.hostname) DOM property, due to interactions with
DNS resolver code."

Seamonkey seems vulnerable.  See also
https://bugzilla.mozilla.org/show_bug.cgi?id=370445

Comment 1 Kai Engert (:kaie) (inactive account) 2007-04-17 23:26:11 UTC

The SeaMonkey version in Fedora Extras 6 is 1.0.8.

SeaMonkey 1.0.8 is based on Mozilla technology version 1.8.0.10.

The underlying bug at mozilla.org has been marked as fixed and verified 1.8.0.10

So I conclude this bug has been fixed in seamonkey-1.0.8-0.6.2.fc6 since 2007-03-01.

Note You need to log in before you can comment on or make changes to this bug.