CVE-2007-1084

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	2.0.0.1 (including)
Firefox	Mozilla	0.8 (including)	0.8 (including)
Firefox	Mozilla	0.9 (including)	0.9 (including)
Firefox	Mozilla	0.9.1 (including)	0.9.1 (including)
Firefox	Mozilla	0.9.2 (including)	0.9.2 (including)
Firefox	Mozilla	0.9.3 (including)	0.9.3 (including)
Firefox	Mozilla	0.10 (including)	0.10 (including)
Firefox	Mozilla	0.10.1 (including)	0.10.1 (including)
Firefox	Mozilla	1.0 (including)	1.0 (including)
Firefox	Mozilla	1.0.1 (including)	1.0.1 (including)
Firefox	Mozilla	1.0.2 (including)	1.0.2 (including)
Firefox	Mozilla	1.0.3 (including)	1.0.3 (including)
Firefox	Mozilla	1.0.4 (including)	1.0.4 (including)
Firefox	Mozilla	1.0.5 (including)	1.0.5 (including)
Firefox	Mozilla	1.0.6 (including)	1.0.6 (including)
Firefox	Mozilla	1.0.7 (including)	1.0.7 (including)
Firefox	Mozilla	1.0.8 (including)	1.0.8 (including)
Firefox	Mozilla	1.5 (including)	1.5 (including)
Firefox	Mozilla	1.5.0.1 (including)	1.5.0.1 (including)
Firefox	Mozilla	1.5.0.2 (including)	1.5.0.2 (including)
Firefox	Mozilla	1.5.0.3 (including)	1.5.0.3 (including)
Firefox	Mozilla	1.5.0.4 (including)	1.5.0.4 (including)
Firefox	Mozilla	1.5.0.5 (including)	1.5.0.5 (including)
Firefox	Mozilla	1.5.0.6 (including)	1.5.0.6 (including)
Firefox	Mozilla	1.5.0.7 (including)	1.5.0.7 (including)
Firefox	Mozilla	1.5.0.8 (including)	1.5.0.8 (including)
Firefox	Mozilla	1.5.0.9 (including)	1.5.0.9 (including)
Firefox	Mozilla	1.5.6 (including)	1.5.6 (including)
Firefox	Mozilla	1.5.8 (including)	1.5.8 (including)
Firefox	Mozilla	2.0 (including)	2.0 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1084
CWE	https://cwe.mitre.org/data/definitions/16.html

Affected Software

References