CVE-2007-5414 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5414): Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5415.
CVE-2007-5415 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5415): Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5414.
mozilla, any clue if the second vulnerability was fixed?
No idea, there aren't any bugs upstream.
CVE-2007-5414 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5414) got fixed in 2.0.0.18 ( http://www.mozilla.org/security/announce/2008/mfsa2008-50.html )
Ready to vote, I vote NO.
(In reply to comment #3)
> CVE-2007-5414 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5414) got fixed in
> 2.0.0.18 ( http://www.mozilla.org/security/announce/2008/mfsa2008-50.html )
Do you have any data to substantiate this?
Nothing for mozilla team to do here.
noglsa. http://security-tracker.debian.org/tracker/CVE-2007-5414 lists no recent versions as affected