CVE-2007-1084

Description

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

How to fix CVE-2007-1084

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/epiphany-browser—no fix listed

Is CVE-2007-1084 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-1084