The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-12-28T21:00:00
Updated: 2017-09-28T12:57:01
Reserved: 2007-12-28T00:00:00
Link: CVE-2007-6589
JSON object: View
NVD Information
Status : Modified
Published: 2007-12-28T21:46:00.000
Modified: 2017-09-29T01:30:00.923
Link: CVE-2007-6589
JSON object: View
Redhat Information
No data.
CWE