Launchpad.net

CVE 2007-5338

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.

Related bugs and status

CVE-2007-5338 (Candidate) is related to these bugs:

Bug #148942: thunderbird 2.0 not compiled with UNIX (movemail) acccount option.

Summary				In	Importance	Status
	148942	thunderbird 2.0 not compiled with UNIX (movemail) acccount option.		thunderbird (Ubuntu)	Undecided	Fix Released

Bug #150791: firefox package on packages site carries warning about development version

Summary				In	Importance	Status
	150791	firefox package on packages site carries warning about development version		firefox (Ubuntu)	Undecided	Fix Released

Bug #154393: [Firefox] security update release 2.0.0.8 available from upstream

		In	Importance	Status
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Dapper)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Edgy)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Feisty)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Hardy)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Gutsy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-5338

Related bugs and status

Related bugs

References