CVE-2007-5947

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.

🔗 References (122)

• cve@mitrehttp://browser.netscape.com/releasenotes/
• cve@mitrehttp://bugs.gentoo.org/show_bug.cgi?id=198965
• cve@mitrehttp://bugs.gentoo.org/show_bug.cgi?id=200909
• cve@mitrehttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
• cve@mitrehttp://secunia.com/advisories/27605
• cve@mitrehttp://secunia.com/advisories/27793
• cve@mitrehttp://secunia.com/advisories/27796
• cve@mitrehttp://secunia.com/advisories/27797
• cve@mitrehttp://secunia.com/advisories/27800
• cve@mitrehttp://secunia.com/advisories/27816
• cve@mitrehttp://secunia.com/advisories/27838
• cve@mitrehttp://secunia.com/advisories/27845
• cve@mitrehttp://secunia.com/advisories/27855
• cve@mitrehttp://secunia.com/advisories/27944