CVE-2007-2871

N/A Unknown

Published: June 01, 2007 Modified: April 23, 2026

Description

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Source: secalert@redhat.com

http://osvdb.org/35137

Source: secalert@redhat.com

http://secunia.com/advisories/25469

Source: secalert@redhat.com

http://secunia.com/advisories/25476

Source: secalert@redhat.com

http://secunia.com/advisories/25488

Source: secalert@redhat.com

http://secunia.com/advisories/25490

Source: secalert@redhat.com

http://secunia.com/advisories/25491

Source: secalert@redhat.com

http://secunia.com/advisories/25533

Source: secalert@redhat.com

http://secunia.com/advisories/25534

Source: secalert@redhat.com

http://secunia.com/advisories/25559

Source: secalert@redhat.com

http://secunia.com/advisories/25635

Source: secalert@redhat.com

http://secunia.com/advisories/25647

Source: secalert@redhat.com

http://secunia.com/advisories/25685

Source: secalert@redhat.com

http://secunia.com/advisories/25750

Source: secalert@redhat.com

http://secunia.com/advisories/25858

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-200706-06.xml

Source: secalert@redhat.com

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857

Source: secalert@redhat.com

http://www.debian.org/security/2007/dsa-1300

Source: secalert@redhat.com

http://www.debian.org/security/2007/dsa-1306

Source: secalert@redhat.com

http://www.debian.org/security/2007/dsa-1308

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2007:120

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2007:126

Source: secalert@redhat.com

http://www.mozilla.org/security/announce/2007/mfsa2007-17.html

Source: secalert@redhat.com

Vendor Advisory

http://www.novell.com/linux/security/advisories/2007_36_mozilla.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2007-0400.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2007-0401.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2007-0402.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/470172/100/200/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/24242

Source: secalert@redhat.com

http://www.securitytracker.com/id?1018155

Source: secalert@redhat.com

http://www.securitytracker.com/id?1018156

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-468-1

Source: secalert@redhat.com

http://www.us-cert.gov/cas/techalerts/TA07-151A.html

Source: secalert@redhat.com

US Government Resource

http://www.vupen.com/english/advisories/2007/1994

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/34606

Source: secalert@redhat.com

https://issues.rpath.com/browse/RPL-1424

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742