CVE-2007-1095

medium

Description

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.

References

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html

https://usn.ubuntu.com/535-1/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11665

https://issues.rpath.com/browse/RPL-1858

https://exchange.xforce.ibmcloud.com/vulnerabilities/32649

https://exchange.xforce.ibmcloud.com/vulnerabilities/32647

https://bugzilla.mozilla.org/show_bug.cgi?id=371360

http://www.vupen.com/english/advisories/2008/0083

http://www.vupen.com/english/advisories/2007/3587

http://www.vupen.com/english/advisories/2007/3544

http://www.ubuntu.com/usn/usn-536-1

http://www.securityfocus.com/bid/22688

http://www.securityfocus.com/archive/1/482932/100/200/threaded

http://www.securityfocus.com/archive/1/482925/100/0/threaded

http://www.securityfocus.com/archive/1/482876/100/200/threaded

http://www.securityfocus.com/archive/1/461023/100/0/threaded

http://www.securityfocus.com/archive/1/461007/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2007-0981.html

http://www.redhat.com/support/errata/RHSA-2007-0980.html

http://www.redhat.com/support/errata/RHSA-2007-0979.html

http://www.novell.com/linux/security/advisories/2007_57_mozilla.html

http://www.mozilla.org/security/announce/2007/mfsa2007-30.html

http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202

http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml

http://www.debian.org/security/2007/dsa-1401

http://www.debian.org/security/2007/dsa-1396

http://www.debian.org/security/2007/dsa-1392

http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

http://securitytracker.com/id?1018837

http://securityreason.com/securityalert/2310

http://secunia.com/advisories/28398

http://secunia.com/advisories/27680

http://secunia.com/advisories/27665

http://secunia.com/advisories/27480

http://secunia.com/advisories/27425

http://secunia.com/advisories/27414

http://secunia.com/advisories/27403

http://secunia.com/advisories/27387

http://secunia.com/advisories/27383

http://secunia.com/advisories/27360

http://secunia.com/advisories/27356

http://secunia.com/advisories/27336

http://secunia.com/advisories/27335

http://secunia.com/advisories/27327

http://secunia.com/advisories/27325

http://secunia.com/advisories/27315

http://secunia.com/advisories/27311

http://secunia.com/advisories/27298

http://secunia.com/advisories/27276

http://osvdb.org/33809

http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html

http://lcamtuf.coredump.cx/ietrap/ff/

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Details

Source: Mitre, NVD

Published: 2007-02-26

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium