Mozilla Multiple Product window.location HTTP Referer Header CSRF

2007-11-26T21:48:56
ID OSVDB:38868
Type osvdb
Reporter OSVDB
Modified 2007-11-26T21:48:56

Description

Solution Description

Upgrade to version 2.0.0.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=402649
Vendor Specific Advisory URL
Secunia Advisory ID: 27797
Secunia Advisory ID: 27816
Secunia Advisory ID: 27796
Secunia Advisory ID: 27979
Secunia Advisory ID: 28001
Secunia Advisory ID: 27957
Secunia Advisory ID: 27725
Secunia Advisory ID: 27838
Secunia Advisory ID: 28016
Secunia Advisory ID: 28277
Secunia Advisory ID: 27513
Secunia Advisory ID: 27955
Secunia Advisory ID: 27793
Secunia Advisory ID: 27845
Secunia Advisory ID: 27855
Secunia Advisory ID: 27944
Secunia Advisory ID: 28171
Secunia Advisory ID: 28398
Related OSVDB ID: 38867
RedHat RHSA: RHSA-2007:1084
RedHat RHSA: RHSA-2007:1082
Other Advisory URL: http://www.ubuntu.com/usn/usn-546-1
Other Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00070.html
Other Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833
Other Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
Other Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
Other Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
Other Advisory URL: http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
Other Advisory URL: http://www.us.debian.org/security/2007/dsa-1425
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200712-21.xml
Other Advisory URL: HPSBUX02153 SSRT061181 (rev. 7):
Other Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html
Other Advisory URL: http://www.us.debian.org/security/2007/dsa-1424
Other Advisory URL: http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:246
CVE-2007-5960