Cross site scripting

🗓️ 28 Dec 2007 21:46:00Reported by PRIOn knowledge baseType

prion

prion🔗 www.prio-n.com👁 16 Views

The jar protocol handler in Mozilla Firefox and SeaMonkey allows cross-site scripting attacks via jar: UR

Reporter	Title	Published	Views	Family All 180
Tenable Nessus	Mozilla Firefox < 2.0.0.10 Multiple Vulnerabilities	27 Nov 200700:00	–	nessus
Tenable Nessus	SeaMonkey < 1.1.7 Multiple Vulnerabilities	27 Nov 200700:00	–	nessus
Tenable Nessus	CentOS 4 : firefox (CESA-2007:1082)	23 Apr 200900:00	–	nessus
Tenable Nessus	CentOS 4 / 5 : thunderbird (CESA-2007:1083)	24 Dec 200700:00	–	nessus
Tenable Nessus	CentOS 3 / 4 : seamonkey (CESA-2007:1084)	23 Apr 200900:00	–	nessus
Tenable Nessus	Debian DSA-1424-1 : iceweasel - several vulnerabilities	11 Dec 200700:00	–	nessus
Tenable Nessus	Debian DSA-1425-1 : xulrunner - several vulnerabilities	11 Dec 200700:00	–	nessus
Tenable Nessus	Fedora 7 : Miro-1.0-2.fc7 / blam-1.8.3-10.fc7 / chmsee-1.0.0-1.27.fc7 / devhelp-0.13-12.fc7 / etc (2007-3952)	29 Nov 200700:00	–	nessus
Tenable Nessus	Fedora 8 : Miro-1.0-2.fc8 / blam-1.8.3-12.fc8 / chmsee-1.0.0-1.27.fc8 / devhelp-0.16.1-4.fc8 / etc (2007-3962)	29 Nov 200700:00	–	nessus
Tenable Nessus	Fedora 8 : seamonkey-1.1.7-1.fc8 (2007-4098)	11 Dec 200700:00	–	nessus

Source	Link
blog	www.blog.beford.org/
mozilla	www.mozilla.org/security/announce/2007/mfsa2007-37.html
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi
osvdb	www.osvdb.org/43477
h20000	www.h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp
vupen	www.vupen.com/english/advisories/2008/0083
oval	www.oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6033

29 Sep 2017 01:30Current

5.5Medium risk

Vulners AI Score5.5

EPSS0.07915

mozilla firefox seamonkey cross-site scripting