Back to search
CVE-2007-5947
Published: Nov 14, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
27816
third-party-advisory
x_refsource_SECUNIA
http://browser.netscape.com/releasenotes/
x_refsource_CONFIRM
27855
third-party-advisory
x_refsource_SECUNIA
DSA-1424
vendor-advisory
x_refsource_DEBIAN
SUSE-SA:2007:066
vendor-advisory
x_refsource_SUSE
GLSA-200712-21
vendor-advisory
x_refsource_GENTOO
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-1995
x_refsource_CONFIRM
28277
third-party-advisory
x_refsource_SECUNIA
http://www.mozilla.org/security/announce/2007/mfsa2007-37.html
x_refsource_CONFIRM
27845
third-party-advisory
x_refsource_SECUNIA
RHSA-2007:1083
vendor-advisory
x_refsource_REDHAT
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
x_refsource_CONFIRM
http://bugs.gentoo.org/show_bug.cgi?id=200909
x_refsource_MISC
oval:org.mitre.oval:def:9873
vdb-entry
signature
x_refsource_OVAL
ADV-2008-0643
vdb-entry
x_refsource_VUPEN
FEDORA-2007-3952
vendor-advisory
x_refsource_FEDORA
RHSA-2007:1082
vendor-advisory
x_refsource_REDHAT
27605
third-party-advisory
x_refsource_SECUNIA
SSA:2007-331-01
vendor-advisory
x_refsource_SLACKWARE
28016
third-party-advisory
x_refsource_SECUNIA
FEDORA-2007-4098
vendor-advisory
x_refsource_FEDORA
HPSBUX02153
vendor-advisory
x_refsource_HP
MDKSA-2007:246
vendor-advisory
x_refsource_MANDRIVA
USN-546-1
vendor-advisory
x_refsource_UBUNTU
ADV-2007-4018
vdb-entry
x_refsource_VUPEN
20080229 rPSA-2008-0093-1 thunderbird
mailing-list
x_refsource_BUGTRAQ
27838
third-party-advisory
x_refsource_SECUNIA
FEDORA-2007-4106
vendor-advisory
x_refsource_FEDORA
20080212 FLEA-2008-0001-1 firefox
mailing-list
x_refsource_BUGTRAQ
ADV-2007-4002
vdb-entry
x_refsource_VUPEN
26385
vdb-entry
x_refsource_BID
1018977
vendor-advisory
x_refsource_SUNALERT
VU#715737
third-party-advisory
x_refsource_CERT-VN
27793
third-party-advisory
x_refsource_SECUNIA
http://bugs.gentoo.org/show_bug.cgi?id=198965
x_refsource_MISC
ADV-2008-0083
vdb-entry
x_refsource_VUPEN
27955
third-party-advisory
x_refsource_SECUNIA
http://wiki.rpath.com/Advisories:rPSA-2008-0093
x_refsource_CONFIRM
USN-546-2
vendor-advisory
x_refsource_UBUNTU
FEDORA-2007-756
vendor-advisory
x_refsource_FEDORA
231441
vendor-advisory
x_refsource_SUNALERT
27957
third-party-advisory
x_refsource_SECUNIA
firefox-jar-uri-xss(38356)
vdb-entry
x_refsource_XF
28398
third-party-advisory
x_refsource_SECUNIA
29164
third-party-advisory
x_refsource_SECUNIA
28001
third-party-advisory
x_refsource_SECUNIA
SSRT061181
vendor-advisory
x_refsource_HP
27796
third-party-advisory
x_refsource_SECUNIA
1018928
vdb-entry
x_refsource_SECTRACK
SSA:2007-333-01
vendor-advisory
x_refsource_SLACKWARE
https://issues.rpath.com/browse/RPL-1984
x_refsource_CONFIRM
27797
third-party-advisory
x_refsource_SECUNIA
27979
third-party-advisory
x_refsource_SECUNIA
28171
third-party-advisory
x_refsource_SECUNIA
27800
third-party-advisory
x_refsource_SECUNIA
RHSA-2007:1084
vendor-advisory
x_refsource_REDHAT
DSA-1425
vendor-advisory
x_refsource_DEBIAN
https://bugzilla.mozilla.org/show_bug.cgi?id=369814
x_refsource_CONFIRM
ADV-2007-3818
vdb-entry
x_refsource_VUPEN
27944
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now