Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2007-5947
Last Modified 20 Jun 2011 12:00:00
Published 13 Nov 2007 08:46:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5947

Summary

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.

Vulnerable Systems

Application

  • Mozilla Firefox 2.0.0.1
  • Mozilla Firefox 2.0.0.2
  • Mozilla Firefox 2.0.0.3
  • Mozilla Firefox 2.0.0.4
  • Mozilla Firefox 2.0.0.5
  • Mozilla Firefox 2.0.0.6
  • Mozilla Firefox 2.0.0.7
  • Mozilla Firefox 2.0.0.8
  • Mozilla Firefox 2.0.0.9
  • Mozilla SeaMonkey 1.1.1
  • Mozilla SeaMonkey 1.1.2
  • Mozilla SeaMonkey 1.1.3
  • Mozilla SeaMonkey 1.1.4
  • Mozilla SeaMonkey 1.1.5
  • Mozilla SeaMonkey 1.1.6

References

  • CERT-VN - VU#715737
  • FEDORA - FEDORA-2007-3952
  • FEDORA - FEDORA-2007-4098
  • FEDORA - FEDORA-2007-4106
  • FEDORA - FEDORA-2007-756
  • CONFIRM - https://issues.rpath.com/browse/RPL-1984
  • CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=369814
  • XF - firefox-jar-uri-xss(38356)
  • VUPEN - ADV-2008-0643
  • VUPEN - ADV-2008-0083
  • VUPEN - ADV-2007-4018
  • VUPEN - ADV-2007-4002
  • VUPEN - ADV-2007-3818
  • UBUNTU - USN-546-1
  • UBUNTU - USN-546-2
  • SECTRACK - 1018928
  • BID - 26385
  • BUGTRAQ - 20080229 rPSA-2008-0093-1 thunderbird
  • BUGTRAQ - 20080212 FLEA-2008-0001-1 firefox
  • REDHAT - RHSA-2007:1084
  • REDHAT - RHSA-2007:1083
  • REDHAT - RHSA-2007:1082
  • CONFIRM - http://www.mozilla.org/security/announce/2007/mfsa2007-37.html
  • MANDRIVA - MDKSA-2007:246
  • MISC - http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues
  • DEBIAN - DSA-1425
  • DEBIAN - DSA-1424
  • CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
  • CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0093
  • SUNALERT - 1018977
  • SUNALERT - 231441
  • SLACKWARE - SSA:2007-331-01
  • SLACKWARE - SSA:2007-333-01
  • GENTOO - GLSA-200712-21
  • SECUNIA - 28398
  • SECUNIA - 28277
  • SECUNIA - 28171
  • SECUNIA - 28016
  • SECUNIA - 28001
  • SECUNIA - 27979
  • SECUNIA - 27957
  • SECUNIA - 27955
  • SECUNIA - 27944
  • SECUNIA - 27855
  • SECUNIA - 27845
  • SECUNIA - 27838
  • SECUNIA - 27816
  • SECUNIA - 27800
  • SECUNIA - 27797
  • SECUNIA - 27796
  • SECUNIA - 27793
  • SECUNIA - 27605
  • SUSE - SUSE-SA:2007:066
  • HP - SSRT061181
  • MISC - http://bugs.gentoo.org/show_bug.cgi?id=200909
  • MISC - http://bugs.gentoo.org/show_bug.cgi?id=198965
  • CONFIRM - http://browser.netscape.com/releasenotes/
  • CONFIRM - https://issues.rpath.com/browse/RPL-1995
  • CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
  • SECUNIA - 29164
  • HP - HPSBUX02153


Last Updated: 27 May 2016 10:44:56