CVE-2007-5947
Published Nov 14, 2007
Last updated 6 years ago
Overview
- Description
- The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations