Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets cross-site info disclosure

2009-12-22 Thread Peter Chapman
-- From: Mike Hommey m...@glandium.org Sent: Monday, November 16, 2009 1:00 PM To: Michael Gilbert michael.s.gilb...@gmail.com; 556...@bugs.debian.org Subject: Re: Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets cross-site info disclosure On Mon, Nov 16, 2009 at 11:48

Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets cross-site info disclosure

2009-11-16 Thread Josselin Mouette
On Saturday, 14 November 2009 at 20:36 -0500, Michael Gilbert wrote: The following CVE (Common Vulnerabilities Exposures) id was published. CVE-2007-1084[0]: | Mozilla Firefox 2.0.0.1 and earlier does not prompt users before | saving bookmarklets, which allows remote attackers to bypass

Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets cross-site info disclosure

2009-11-16 Thread Mike Hommey
On Mon, Nov 16, 2009 at 09:17:58AM +0100, Josselin Mouette wrote: On Saturday, 14 November 2009 at 20:36 -0500, Michael Gilbert wrote: The following CVE (Common Vulnerabilities Exposures) id was published. CVE-2007-1084[0]: | Mozilla Firefox 2.0.0.1 and earlier does not prompt users

Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets cross-site info disclosure

2009-11-16 Thread Josselin Mouette
On Monday, 16 November 2009 at 09:37 +0100, Mike Hommey wrote: On Mon, Nov 16, 2009 at 09:17:58AM +0100, Josselin Mouette wrote: What’s a bookmarklet? I don’t even know whether epiphany supports this. It's javascript code you bookmark and can run on any site. A bit like greasemonkey, but

Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets cross-site info disclosure

2009-11-16 Thread Michael Gilbert
On Mon, 16 Nov 2009 09:53:36 +0100, Josselin Mouette wrote: On Monday, 16 November 2009 at 09:37 +0100, Mike Hommey wrote: On Mon, Nov 16, 2009 at 09:17:58AM +0100, Josselin Mouette wrote: What’s a bookmarklet? I don’t even know whether epiphany supports this. It's javascript code you

Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets cross-site info disclosure

2009-11-16 Thread Mike Hommey
On Mon, Nov 16, 2009 at 11:25:04AM -0500, Michael Gilbert wrote: On Mon, 16 Nov 2009 09:53:36 +0100, Josselin Mouette wrote: On Monday, 16 November 2009 at 09:37 +0100, Mike Hommey wrote: On Mon, Nov 16, 2009 at 09:17:58AM +0100, Josselin Mouette wrote: What’s a bookmarklet? I don’t

Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets cross-site info disclosure

2009-11-16 Thread Michael Gilbert
On Mon, 16 Nov 2009 17:34:39 +0100, Mike Hommey wrote: On Mon, Nov 16, 2009 at 11:25:04AM -0500, Michael Gilbert wrote: On Mon, 16 Nov 2009 09:53:36 +0100, Josselin Mouette wrote: On Monday, 16 November 2009 at 09:37 +0100, Mike Hommey wrote: On Mon, Nov 16, 2009 at 09:17:58AM +0100,

Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets cross-site info disclosure

2009-11-16 Thread Mike Hommey
On Mon, Nov 16, 2009 at 11:48:29AM -0500, Michael Gilbert wrote: so, you're saying that this is a good feature and hence must be kept based on the fact that it is currently available in a lot of browsers (i.e. all gecko-based browsers and no webkit/khtml browsers)? It works in (at least)

Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets cross-site info disclosure

2009-11-14 Thread Michael Gilbert
Package: epiphany-browser Version: 2.29.1-2 Severity: serious Tags: security Hi, The following CVE (Common Vulnerabilities Exposures) id was published. CVE-2007-1084[0]: | Mozilla Firefox 2.0.0.1 and earlier does not prompt users before | saving bookmarklets, which allows remote attackers to