[VU:715737] Mozilla-based browsers jar: URI cross-site scripting vulnerability
Overview
Mozilla-based web browsers, including Firefox, contain a vulnerability that may allow an attacker to execute code or conduct cross-site scripting attacks.
Impact
This vulnerability may allow an attacker to execute cross-site scripting attacks on sites that allow users to upload pictures, archives, or other files.
Solution
This vulnerability is addressed in Mozilla Firefox 2.0.0.10. From MFSA 2007-37:
Support for the jar: URI scheme has been restricted to files served with a Content-Type header of application/java-archive or application/x-jar. Web applications that require signed pages must make sure their .jar archives are served with this Content-Type. Sites that allow users to upload binary files should make sure they do not allow these files to have one of these two MIME types.
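The server-side half of that guidance can be checked mechanically. The following is an added example, not code from CERT/CC or Mozilla: it picks a Content-Type for user uploads that is never one of the two jar types, and audits a list of responses for both mistakes the advisory names. The `/uploads/` prefix, the `application/octet-stream` fallback and the sample responses are assumptions made for illustration.

```python
# Added example: the two MIME types are the ones named in MFSA 2007-37 above.
JAR_TYPES = frozenset({"application/java-archive", "application/x-jar"})
FALLBACK_TYPE = "application/octet-stream"  # assumption: neutral download type


def media_type(header_value):
    """Return the bare, lower-cased media type from a Content-Type value."""
    if not header_value:
        return ""
    # Drop parameters such as "; charset=..." and ignore case and padding.
    return header_value.split(";", 1)[0].strip().lower()


def content_type_for_upload(declared):
    """Content-Type to send for a user-uploaded file; never a jar type."""
    bare = media_type(declared)
    if not bare or bare in JAR_TYPES:
        return FALLBACK_TYPE
    return declared.strip()


def audit(responses, upload_prefix="/uploads/"):
    """Classify (path, Content-Type) pairs against the MFSA 2007-37 guidance.

    upload_prefix is a hypothetical location for user-supplied files.
    """
    findings = []
    for path, header in responses:
        is_upload = path.startswith(upload_prefix)
        is_jar_type = media_type(header) in JAR_TYPES
        if is_upload and is_jar_type:
            findings.append((path, "user upload served with a jar MIME type"))
        elif not is_upload and path.lower().endswith(".jar") and not is_jar_type:
            findings.append((path, "site .jar archive lacks a jar MIME type"))
    return findings


# Constructed sample responses (not taken from any real site).
SAMPLE = [
    ("/uploads/avatar.png", "image/png"),
    ("/uploads/photo.zip", "Application/Java-Archive; charset=binary"),
    ("/signed/app.jar", "application/zip"),
    ("/signed/tool.jar", "application/x-jar"),
]

if __name__ == "__main__":
    for path, problem in audit(SAMPLE):
        print(f"{path}: {problem}")
```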
Acknowledgements
This vulnerability was disclosed by PDP on the GNUCITIZEN website.
- ID: VU:715737
- Severity: medium
- Severity from: CVE-2007-5947
- URL: https://kb.cert.org/vuls/id/715737
- Published: 2007-11-08T20:48:09
- Modified: 2008-11-20T16:16:20
- Rights: Copyright 2007, CERT Coordination Center (CERT/CC)