Vulnerability Description
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 2.0.0.7 |
| Mozilla | Seamonkey | <= 1.1.4 |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://lcamtuf.coredump.cx/ietrap/ff/
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html
- http://osvdb.org/33809
- http://secunia.com/advisories/27276Vendor Advisory
- http://secunia.com/advisories/27298Vendor Advisory
- http://secunia.com/advisories/27311Vendor Advisory
- http://secunia.com/advisories/27315Vendor Advisory
- http://secunia.com/advisories/27325Vendor Advisory
- http://secunia.com/advisories/27327Vendor Advisory
- http://secunia.com/advisories/27335Vendor Advisory
- http://secunia.com/advisories/27336Vendor Advisory
- http://secunia.com/advisories/27356Vendor Advisory
- http://secunia.com/advisories/27360Vendor Advisory
- http://secunia.com/advisories/27383Vendor Advisory
FAQ
What is CVE-2007-1095?
CVE-2007-1095 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location D...
How severe is CVE-2007-1095?
CVE-2007-1095 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1095?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey.