Firefox vulnerabilities

2007-08-0100:00:00

ubuntu.com

6.4 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.6%

JSON

Releases

Ubuntu 7.04
Ubuntu 6.10
Ubuntu 6.06

Details

A flaw was discovered in handling of “about:blank” windows used by
addons. A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
(CVE-2007-3844)

Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user’s privileges. (CVE-2007-3845)

OSVersionArchitecturePackageVersionFilename
Ubuntu7.04noarchfirefox< 2.0.0.6+1-0ubuntu1UNKNOWN
Ubuntu6.10noarchfirefox< 2.0.0.6+0dfsg-0ubuntu0.6.10UNKNOWN
Ubuntu6.06noarchfirefox< 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	7.04	noarch	firefox	< 2.0.0.6+1-0ubuntu1	UNKNOWN
Ubuntu	6.10	noarch	firefox	< 2.0.0.6+0dfsg-0ubuntu0.6.10	UNKNOWN
Ubuntu	6.06	noarch	firefox	< 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1	UNKNOWN