CVE Vulnerability

CVE-2007-6589

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://blog.beford.org/?p=8
http://www.mozilla.org/security/announce/2007/mfsa2007-37.html
https://bugzilla.mozilla.org/show_bug.cgi?id=369814
https://bugzilla.mozilla.org/show_bug.cgi?id=403331
http://osvdb.org/43477
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://www.vupen.com/english/advisories/2008/0083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6033
Configurations

Configuration 1

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Information

Published : 2007-12-28 09:46

Updated : 2017-09-29 01:30

NVD link : CVE-2007-6589

Mitre link : CVE-2007-6589

Products Affected
No products.
CWE
CWE-79