Computer Security
[EN] securityvulns.ru no-pyccku


Mozilla Forefox jar: URL crossite scripting
updated since 12.11.2007
Published:27.11.2007
Source:
SecurityVulns ID:8333
Type:remote
Threat Level:
6/10
Description:It's possible to fire crossite scripting attack via jar: protocol by uploading JAR, DOC, ZIP, etc files.
Affected:MOZILLA : Firefox 2.0
 MOZILLA : SeaMonkey 1.1
 XULRUNNER : xulrunner 1.8
CVE:CVE-2007-5947 (The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.)
Original documentdocumentMOZILLA, Mozilla Foundation Security Advisory 2007-37 (27.11.2007)
 documentPDP, Web Mayhem: Firefox’s JAR: Protocol issues (12.11.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod