Launchpad.net

CVE 2007-5337

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.

Related bugs and status

CVE-2007-5337 (Candidate) is related to these bugs:

Bug #148942: thunderbird 2.0 not compiled with UNIX (movemail) acccount option.

Summary				In	Importance	Status
	148942	thunderbird 2.0 not compiled with UNIX (movemail) acccount option.		thunderbird (Ubuntu)	Undecided	Fix Released

Bug #150791: firefox package on packages site carries warning about development version

Summary				In	Importance	Status
	150791	firefox package on packages site carries warning about development version		firefox (Ubuntu)	Undecided	Fix Released

Bug #154393: [Firefox] security update release 2.0.0.8 available from upstream

		In	Importance	Status
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Dapper)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Edgy)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Feisty)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Hardy)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Gutsy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-5337

Related bugs and status

Related bugs

References