Описание
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-1095
- https://bugzilla.mozilla.org/show_bug.cgi?id=371360
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32647
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32649
- https://issues.rpath.com/browse/RPL-1858
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11665
- https://usn.ubuntu.com/535-1
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://lcamtuf.coredump.cx/ietrap/ff
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html
- http://osvdb.org/33809
- http://secunia.com/advisories/27276
- http://secunia.com/advisories/27298
- http://secunia.com/advisories/27311
- http://secunia.com/advisories/27315
- http://secunia.com/advisories/27325
- http://secunia.com/advisories/27327
- http://secunia.com/advisories/27335
- http://secunia.com/advisories/27336
- http://secunia.com/advisories/27356
- http://secunia.com/advisories/27360
- http://secunia.com/advisories/27383
- http://secunia.com/advisories/27387
- http://secunia.com/advisories/27403
- http://secunia.com/advisories/27414
- http://secunia.com/advisories/27425
- http://secunia.com/advisories/27480
- http://secunia.com/advisories/27665
- http://secunia.com/advisories/27680
- http://secunia.com/advisories/28398
- http://securityreason.com/securityalert/2310
- http://securitytracker.com/id?1018837
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
- http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
- http://www.debian.org/security/2007/dsa-1392
- http://www.debian.org/security/2007/dsa-1396
- http://www.debian.org/security/2007/dsa-1401
- http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
- http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
- http://www.mozilla.org/security/announce/2007/mfsa2007-30.html
- http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
- http://www.redhat.com/support/errata/RHSA-2007-0979.html
- http://www.redhat.com/support/errata/RHSA-2007-0980.html
- http://www.redhat.com/support/errata/RHSA-2007-0981.html
- http://www.securityfocus.com/archive/1/461007/100/0/threaded
- http://www.securityfocus.com/archive/1/461023/100/0/threaded
- http://www.securityfocus.com/archive/1/482876/100/200/threaded
- http://www.securityfocus.com/archive/1/482925/100/0/threaded
- http://www.securityfocus.com/archive/1/482932/100/200/threaded
- http://www.securityfocus.com/bid/22688
- http://www.ubuntu.com/usn/usn-536-1
- http://www.vupen.com/english/advisories/2007/3544
- http://www.vupen.com/english/advisories/2007/3587
- http://www.vupen.com/english/advisories/2008/0083
EPSS
CVE ID
Связанные уязвимости
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not prope ...
ELSA-2007-0979: Critical: firefox security update (CRITICAL)
EPSS