Regarding this new security issue in Bugzilla, #229253, at
This same issue ought to also exist in the FC5 seamonkey, which has been
created and maintained as a Fedora Core Mozilla replacement, replacing a
former seamonkey package in Fedora Extras. But now that seamonkey is in
core, I don't see how we can file a bug for CVE-2007-0981 against FC5's
Seamonkey? There exists no "seamonkey" component in Bugzilla for Fedora
Core 5. Martin Stransky appears to be the fellow who has taken on work
regarding Seamonkey for FC5, as the Mozilla replacement.
Who should address fixing up Bugzilla's package database, so that a bug
can be properly filed on the FC5 version of Seamonkey for this
CVE-2007-0981 issue and future issues, and an errata issued? The bug on
"seamonkey missing as Fedora Core component," Bug #222811, has been open
for a month with no response. Who properly owns it?
Summary: CVE-2007-0981: seamonkey cookie setting /
Product: Fedora Extras
"Mozilla based browsers allows remote attackers to bypass the same origin
policy, steal cookies, and conduct other attacks by writing a URI with a null
byte to the hostname (location.hostname) DOM property, due to interactions with
DNS resolver code."
Seamonkey seems vulnerable. See also