[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-1092Date: (C)2007-02-26   (M)2023-12-22


Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1017701
20070202-01-P
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0525.html
http://www.securityfocus.com/archive/1/461024/100/0/threaded
20070301-01-P
BID-22679
SREASON-2302
SECUNIA-24333
SECUNIA-24343
SECUNIA-24384
SECUNIA-24395
SECUNIA-24457
SECUNIA-24650
OSVDB-32103
HPSBUX02153
MDKSA-2007:050
RHSA-2007:0078
SSA:2007-066-05
SUSE-SA:2007:019
SUSE-SA:2007:022
USN-428-1
VU#393921
http://www.mozilla.org/security/announce/2007/mfsa2007-08.html
https://bugzilla.mozilla.org/show_bug.cgi?id=371321
https://issues.rpath.com/browse/RPL-1103
ie-mozilla-onunload-dos(32647)
mozilla-onunload-code-execution(32648)
oval:org.mitre.oval:def:11158

CPE    3
cpe:/a:mozilla:firefox:1.5.0.9
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:firefox:2.0.0.1

© SecPod Technologies