GSD-2007-1095
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2007-1095",
"description": "Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.",
"id": "GSD-2007-1095",
"references": [
"https://www.suse.com/security/cve/CVE-2007-1095.html",
"https://www.debian.org/security/2007/dsa-1401",
"https://www.debian.org/security/2007/dsa-1396",
"https://www.debian.org/security/2007/dsa-1392",
"https://access.redhat.com/errata/RHSA-2007:0981",
"https://access.redhat.com/errata/RHSA-2007:0980",
"https://access.redhat.com/errata/RHSA-2007:0979",
"https://linux.oracle.com/cve/CVE-2007-1095.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2007-1095"
],
"details": "Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.",
"id": "GSD-2007-1095",
"modified": "2023-12-13T01:21:39.780492Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2007-2601",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html"
},
{
"name": "20071026 rPSA-2007-0225-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded"
},
{
"name": "2310",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2310"
},
{
"name": "http://lcamtuf.coredump.cx/ietrap/ff/",
"refsource": "MISC",
"url": "http://lcamtuf.coredump.cx/ietrap/ff/"
},
{
"name": "ADV-2007-3587",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3587"
},
{
"name": "27414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27414"
},
{
"name": "20071029 FLEA-2007-0062-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded"
},
{
"name": "https://issues.rpath.com/browse/RPL-1858",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1858"
},
{
"name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded"
},
{
"name": "GLSA-200711-14",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml"
},
{
"name": "27360",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27360"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "27298",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27298"
},
{
"name": "27315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27315"
},
{
"name": "1018837",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018837"
},
{
"name": "oval:org.mitre.oval:def:11665",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11665"
},
{
"name": "27327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27327"
},
{
"name": "ADV-2007-3544",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3544"
},
{
"name": "27276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27276"
},
{
"name": "ie-mozilla-onunload-dos(32647)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647"
},
{
"name": "USN-535-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/535-1/"
},
{
"name": "DSA-1401",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1401"
},
{
"name": "33809",
"refsource": "OSVDB",
"url": "http://osvdb.org/33809"
},
{
"name": "DSA-1392",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1392"
},
{
"name": "RHSA-2007:0980",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0980.html"
},
{
"name": "27383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27383"
},
{
"name": "SUSE-SA:2007:057",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html"
},
{
"name": "27356",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27356"
},
{
"name": "RHSA-2007:0981",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0981.html"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "http://www.mozilla.org/security/announce/2007/mfsa2007-30.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-30.html"
},
{
"name": "27387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27387"
},
{
"name": "20070223 Firefox: onUnload tailgating (MSIE7 entrapment bug variant)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461007/100/0/threaded"
},
{
"name": "FEDORA-2007-3431",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html"
},
{
"name": "27403",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27403"
},
{
"name": "ie-mozilla-onunload-url-spoofing(32649)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649"
},
{
"name": "27336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27336"
},
{
"name": "DSA-1396",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1396"
},
{
"name": "27425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27425"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=371360",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=371360"
},
{
"name": "28398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28398"
},
{
"name": "27311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27311"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "27325",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27325"
},
{
"name": "MDKSA-2007:202",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202"
},
{
"name": "27665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27665"
},
{
"name": "RHSA-2007:0979",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0979.html"
},
{
"name": "27335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27335"
},
{
"name": "FEDORA-2007-2664",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html"
},
{
"name": "27480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27480"
},
{
"name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html"
},
{
"name": "27680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27680"
},
{
"name": "22688",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22688"
},
{
"name": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html"
},
{
"name": "201516",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
},
{
"name": "20071029 rPSA-2007-0225-2 firefox thunderbird",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded"
},
{
"name": "USN-536-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-536-1"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.0.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1095"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)",
"refsource": "FULLDISC",
"tags": [],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html"
},
{
"name": "http://lcamtuf.coredump.cx/ietrap/ff/",
"refsource": "MISC",
"tags": [],
"url": "http://lcamtuf.coredump.cx/ietrap/ff/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=371360",
"refsource": "MISC",
"tags": [],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=371360"
},
{
"name": "22688",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/22688"
},
{
"name": "http://www.mozilla.org/security/announce/2007/mfsa2007-30.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-30.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1858",
"refsource": "CONFIRM",
"tags": [],
"url": "https://issues.rpath.com/browse/RPL-1858"
},
{
"name": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html"
},
{
"name": "DSA-1396",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2007/dsa-1396"
},
{
"name": "DSA-1401",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2007/dsa-1401"
},
{
"name": "DSA-1392",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2007/dsa-1392"
},
{
"name": "FEDORA-2007-2601",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html"
},
{
"name": "FEDORA-2007-2664",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html"
},
{
"name": "GLSA-200711-14",
"refsource": "GENTOO",
"tags": [],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml"
},
{
"name": "MDKSA-2007:202",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202"
},
{
"name": "RHSA-2007:0979",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0979.html"
},
{
"name": "RHSA-2007:0980",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0980.html"
},
{
"name": "RHSA-2007:0981",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0981.html"
},
{
"name": "SUSE-SA:2007:057",
"refsource": "SUSE",
"tags": [],
"url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html"
},
{
"name": "USN-536-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/usn-536-1"
},
{
"name": "1018837",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1018837"
},
{
"name": "27276",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27276"
},
{
"name": "27325",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27325"
},
{
"name": "27327",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27327"
},
{
"name": "27335",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27335"
},
{
"name": "27356",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27356"
},
{
"name": "27383",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27383"
},
{
"name": "27425",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27425"
},
{
"name": "27403",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27403"
},
{
"name": "27480",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27480"
},
{
"name": "27387",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27387"
},
{
"name": "27298",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27298"
},
{
"name": "27311",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27311"
},
{
"name": "27315",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27315"
},
{
"name": "27336",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27336"
},
{
"name": "27665",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27665"
},
{
"name": "27414",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27414"
},
{
"name": "2310",
"refsource": "SREASON",
"tags": [],
"url": "http://securityreason.com/securityalert/2310"
},
{
"name": "FEDORA-2007-3431",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html"
},
{
"name": "27680",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27680"
},
{
"name": "27360",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27360"
},
{
"name": "28398",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28398"
},
{
"name": "201516",
"refsource": "SUNALERT",
"tags": [],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
},
{
"name": "33809",
"refsource": "OSVDB",
"tags": [],
"url": "http://osvdb.org/33809"
},
{
"name": "ADV-2007-3544",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/3544"
},
{
"name": "ADV-2007-3587",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/3587"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"tags": [],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "ie-mozilla-onunload-url-spoofing(32649)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649"
},
{
"name": "ie-mozilla-onunload-dos(32647)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647"
},
{
"name": "oval:org.mitre.oval:def:11665",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11665"
},
{
"name": "USN-535-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/535-1/"
},
{
"name": "20071029 rPSA-2007-0225-2 firefox thunderbird",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded"
},
{
"name": "20071029 FLEA-2007-0062-1 firefox",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded"
},
{
"name": "20071026 rPSA-2007-0225-1 firefox",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded"
},
{
"name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded"
},
{
"name": "20070223 Firefox: onUnload tailgating (MSIE7 entrapment bug variant)",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/461007/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2018-10-16T16:36Z",
"publishedDate": "2007-02-26T17:28Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…