CVE-2007-6589
Published: 28 December 2007
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.
Notes
| Author | Note |
|---|---|
| jdstrand | notified asac (asked if backported code from MFSA-37 fixes this on Dapper) per asac, dapper is fixed |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(1.5.dfsg+1.5.0.14~prepatch071125a-0ubuntu1)
|
| edgy |
Not vulnerable
(2.0.0.11+0nobinonly-0ubuntu0.6.10)
|
|
| feisty |
Not vulnerable
(2.0.0.11+1nobinonly-0ubuntu0.7.4)
|
|
| gutsy |
Not vulnerable
(2.0.0.11+2nobinonly-0ubuntu0.7.10)
|
|
| hardy |
Not vulnerable
(2.0.0.10+2nobinonly-0ubuntu2)
|
|
| intrepid |
Does not exist
|
|
| upstream |
Released
(2.0.0.10)
|
|
|
iceape Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| gutsy |
Ignored
(end of life, was needed)
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Released
(1.1.9+nobinonly-0ubuntu1)
|
|
| intrepid |
Released
(1.1.9+nobinonly-0ubuntu1)
|
|
| upstream |
Needs triage
|
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Ignored
(end of life, was needed)
|
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1)
|
|
| hardy |
Released
(1.8.1.13+nobinonly-0ubuntu1)
|
|
| intrepid |
Released
(1.8.1.13+nobinonly-0ubuntu1)
|
|
| upstream |
Released
(1.8.1.13)
|