CVE-2007-6589

CVSS v2.0 4.3 (Medium)
EPSS 0.89% (83rd)
Affected Products 2

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2007-12-28 21:46:00
(16 years ago)
Updated Date
2017-09-29 01:30:00
(7 years ago)

Affected Products


Configuration #1

  Product                                      CPE23                         From   Up To
  Mozilla Firefox 2.0.0.9 and prior versions   cpe:2.3:a:mozilla:firefox     -      <= 2.0.0.9
  Mozilla SeaMonkey 1.1.6 and prior versions   cpe:2.3:a:mozilla:seamonkey   -      <= 1.1.6