Lucene search
Ubuntu.comUB:CVE-2007-6589HistoryDec 28, 2007 - 12:00 a.m.
CVE-2007-6589
2007-12-2800:00:00
ubuntu.com
ubuntu.com
10
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
71.0%
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey
before 1.1.7 does not update the origin domain when retrieving the inner
URL parameter yields an HTTP redirect, which allows remote attackers to
conduct cross-site scripting (XSS) attacks via a jar: URI, a different
vulnerability than CVE-2007-5947.
Notes
| Author | Note |
|---|---|
| jdstrand | notified asac (asked if backported code from MFSA-37 fixes this on Dapper) per asac, dapper is fixed |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 8.04 | noarch | seamonkey | < 1.1.9+nobinonly-0ubuntu1 | UNKNOWN |
| ubuntu | 8.10 | noarch | seamonkey | < 1.1.9+nobinonly-0ubuntu1 | UNKNOWN |
| ubuntu | 7.10 | noarch | xulrunner | < 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | xulrunner | < 1.8.1.13+nobinonly-0ubuntu1 | UNKNOWN |
| ubuntu | 8.10 | noarch | xulrunner | < 1.8.1.13+nobinonly-0ubuntu1 | UNKNOWN |
Related
prion
prion
Cross site scripting
2007-12-28 21:46:00
Cross site scripting
2007-11-14 01:46:00
cve
cve
CVE-2007-6589
2007-12-28 21:46:00
CVE-2007-5947
2007-11-14 01:46:00
securityvulns
securityvulns
Mozilla Forefox jar: URL crossite scripting
2007-11-27 00:00:00
Mozilla Foundation Security Advisory 2007-37
2007-11-27 00:00:00
mozilla
mozilla
jar: URI scheme XSS hazard — Mozilla
2007-11-26 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:18:41
cert
cert
Mozilla-based browsers jar: URI cross-site scripting vulnerability
2007-11-08 00:00:00
ubuntucve
ubuntucve
CVE-2007-5947
2007-11-14 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: firefox-1.5.0.12-7.fc6
2007-12-03 15:43:57
openvas
openvas
Fedora Update for openvrml FEDORA-2007-3962
2009-02-27 00:00:00
Fedora Update for Miro FEDORA-2007-3962
2009-02-27 00:00:00
Fedora Update for chmsee FEDORA-2007-3962
2009-02-27 00:00:00
nessus
nessus
RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:1084)
2007-11-29 00:00:00
Ubuntu 6.10 / 7.04 / 7.10 : firefox regression (USN-546-2)
2007-12-07 00:00:00
CentOS 3 / 4 : seamonkey (CESA-2007:1084)
2009-04-23 00:00:00
centos
centos
firefox security update
2007-11-29 13:07:34
seamonkey security update
2007-11-28 19:08:58
seamonkey security update
2007-11-30 03:00:22
oraclelinux
oraclelinux
Critical: firefox security update
2007-11-27 00:00:00
Moderate: thunderbird security update
2007-12-19 00:00:00
Critical: seamonkey security update
2007-11-27 00:00:00
osv
osv
iceweasel - several vulnerabilities
2007-12-08 00:00:00
xulrunner - several vulnerabilities
2007-12-08 00:00:00
iceape
2008-03-28 00:00:00
suse
suse
remote code execution in MozillaFirefox
2007-12-05 17:10:54
ubuntu
ubuntu
Firefox vulnerabilities
2007-11-26 00:00:00
Firefox regression
2007-12-04 00:00:00
redhat
redhat
(RHSA-2007:1084) Critical: seamonkey security update
2007-11-26 00:00:00
(RHSA-2007:1082) Critical: firefox security update
2007-11-26 00:00:00
(RHSA-2007:1083) Moderate: thunderbird security update
2007-12-19 00:00:00
debian
debian
[SECURITY] [DSA 1425-1] New xulrunner packages fix several vulnerabilities
2007-12-08 11:40:53
[SECURITY] [DSA 1424-1] New iceweasel packages fix several vulnerabilities
2007-12-08 11:34:00
gentoo
gentoo
Mozilla Firefox, SeaMonkey: Multiple vulnerabilities
2007-12-29 00:00:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
71.0%
Related for UB:CVE-2007-6589