CVE-2007-6589

NONECVSS 0.0

0.0

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.

🔗 References (16)

cve@mitrehttp://blog.beford.org/?p=8
cve@mitrehttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
cve@mitrehttp://osvdb.org/43477
cve@mitrehttp://www.mozilla.org/security/announce/2007/mfsa2007-37.html
cve@mitrehttp://www.vupen.com/english/advisories/2008/0083
cve@mitrehttps://bugzilla.mozilla.org/show_bug.cgi?id=369814
cve@mitrehttps://bugzilla.mozilla.org/show_bug.cgi?id=403331
cve@mitrehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6033
af854a3a-2127-422b-91ae-364da2661108http://blog.beford.org/?p=8
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/43477
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2007/mfsa2007-37.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0083
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=369814
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=403331

Is Your Infrastructure Affected by CVE-2007-6589?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-6589

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-6589?