CVE-2007-6589 (Firefox, SeaMonkey) |
|
| BugsAlert Home > CVE-2007-6589 (Firefox, SeaMonkey) | |
|
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947. Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6589 Learn more about CVE-2007-6589 (Firefox, SeaMonkey) |
|
| Tags: cve-2007-6589 firefox seamonkey | |
Related Items |
|
|
CVE-2008-5118 (java_system_identity_manager)
|
|
|
CVE-2008-2135 (ezContents)
|
|
|
Vuln: Apple Safari WebKit Frame Method Cross-Site Scripting Vulnerability
|
|
|
Gentoo Security Update Fixes Link Grammar Buffer Overflow Vulnerability
|
|
|
Bugtraq: [ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability
|
|
|
CVE-2008-0472 (Burning Board)
|
|
|
CVE-2008-2966 (JaxUltraBB)
|
|
