Back to search
CVE-2007-6589
Published: Dec 28, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.mozilla.org/show_bug.cgi?id=403331
x_refsource_CONFIRM
http://www.mozilla.org/security/announce/2007/mfsa2007-37.html
x_refsource_CONFIRM
HPSBUX02153
vendor-advisory
x_refsource_HP
http://blog.beford.org/?p=8
x_refsource_MISC
ADV-2008-0083
vdb-entry
x_refsource_VUPEN
43477
vdb-entry
x_refsource_OSVDB
oval:org.mitre.oval:def:6033
vdb-entry
signature
x_refsource_OVAL
SSRT061181
vendor-advisory
x_refsource_HP
https://bugzilla.mozilla.org/show_bug.cgi?id=369814
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now