CVE-2007-1095 Information
Description
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
Reference
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lcamtuf.coredump.cx/ietrap/ff/
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html
http://osvdb.org/33809
http://secunia.com/advisories/27276
http://secunia.com/advisories/27298
http://secunia.com/advisories/27311
http://secunia.com/advisories/27315
http://secunia.com/advisories/27325
http://secunia.com/advisories/27327
http://secunia.com/advisories/27335
http://secunia.com/advisories/27336
http://secunia.com/advisories/27356
http://secunia.com/advisories/27360
http://secunia.com/advisories/27383
http://secunia.com/advisories/27387
http://secunia.com/advisories/27403
http://secunia.com/advisories/27414
http://secunia.com/advisories/27425
http://secunia.com/advisories/27480
http://secunia.com/advisories/27665
http://secunia.com/advisories/27680
http://secunia.com/advisories/28398
http://securityreason.com/securityalert/2310
http://securitytracker.com/id?1018837
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.debian.org/security/2007/dsa-1392
http://www.debian.org/security/2007/dsa-1396
http://www.debian.org/security/2007/dsa-1401
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://www.mozilla.org/security/announce/2007/mfsa2007-30.html
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0979.html
http://www.redhat.com/support/errata/RHSA-2007-0980.html
http://www.redhat.com/support/errata/RHSA-2007-0981.html
http://www.securityfocus.com/archive/1/461007/100/0/threaded
http://www.securityfocus.com/archive/1/461023/100/0/threaded
http://www.securityfocus.com/archive/1/482876/100/200/threaded
http://www.securityfocus.com/archive/1/482925/100/0/threaded
http://www.securityfocus.com/archive/1/482932/100/200/threaded
http://www.securityfocus.com/bid/22688
http://www.ubuntu.com/usn/usn-536-1
http://www.vupen.com/english/advisories/2007/3544
http://www.vupen.com/english/advisories/2007/3587
http://www.vupen.com/english/advisories/2008/0083
https://bugzilla.mozilla.org/show_bug.cgi?id=371360
https://exchange.xforce.ibmcloud.com/vulnerabilities/32647
https://exchange.xforce.ibmcloud.com/vulnerabilities/32649 ie-mozilla-onunload-url-spoofing(32649)
https://issues.rpath.com/browse/RPL-1858
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11665
https://usn.ubuntu.com/535-1/
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html