SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2007-1095

Date: (C)2007-02-26 (M)2023-12-22

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1018837

http://www.securityfocus.com/archive/1/461007/100/0/threaded

http://www.securityfocus.com/archive/1/461023/100/0/threaded

http://www.securityfocus.com/archive/1/482876/100/200/threaded

http://www.securityfocus.com/archive/1/482925/100/0/threaded

http://www.securityfocus.com/archive/1/482932/100/200/threaded

SUNALERT-201516

FEDORA-2007-2601

FEDORA-2007-2664

FEDORA-2007-3431

SUSE-SA:2007:057

http://lcamtuf.coredump.cx/ietrap/ff/

http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

http://www.mozilla.org/security/announce/2007/mfsa2007-30.html

https://bugzilla.mozilla.org/show_bug.cgi?id=371360

https://issues.rpath.com/browse/RPL-1858

ie-mozilla-onunload-dos(32647)

ie-mozilla-onunload-url-spoofing(32649)

oval:org.mitre.oval:def:11665

cpe:/a:mozilla:firefox:1.5.0.4
cpe:/a:mozilla:firefox:1.5.0.3
cpe:/a:mozilla:firefox:1.5.0.2
cpe:/a:mozilla:firefox:1.5:beta2
...

© SecPod Technologies