Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-6589
Last Modified 07 Mar 2011 10:03:14
Published 28 Dec 2007 04:46:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6589

Summary

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.

Vulnerable Systems

Application

  • Mozilla Firefox 2.0.0.9

  • Mozilla SeaMonkey 1.1.6


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=403331

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=369814

VUPEN - ADV-2008-0083

CONFIRM - http://www.mozilla.org/security/announce/2007/mfsa2007-37.html

OSVDB - 43477

HP - SSRT061181

MISC - http://blog.beford.org/?p=8

HP - HPSBUX02153


Last Updated: 27 May 2016 10:47:27