Multiple browsers OnUnload event handler different vulnerabilities (updated since 23.02.2007)

| Published: | 28.02.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7297 |
| Type: | client |
| Level: | 6/10 |
| Description: | Several memory corruption issues caused by race conditions in the OnUnload handler. In addition, address bar spoofing and the creation of pages that cannot be left are possible. |
| Affected: | MICROSOFT : Windows 2000 Server |
| | MICROSOFT : Windows 2000 Professional |
| | MICROSOFT : Windows XP |
| | MICROSOFT : Windows 2003 Server |
| | MOZILLA : Firefox 1.5 |
| | MOZILLA : Firefox 2.0 |
| | MICROSOFT : Windows Vista |
| | OPERA : Opera 9.20 |
| CVE: | CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.) |
| | CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.) |
| | CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.) |
| | CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, which triggers memory corruption due to the lack of a finalize hook on DOM window objects.) |
| | CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.) |