Vulnerability Description
Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 2.0 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=full-disclosure&m=117258301222007&w=2Third Party Advisory
- http://marc.info/?l=full-disclosure&m=117259225402112&w=2Third Party Advisory
- http://osvdb.org/35913Broken Link
- http://www.securityfocus.com/archive/1/461437/100/0/threaded
- http://marc.info/?l=full-disclosure&m=117258301222007&w=2Third Party Advisory
- http://marc.info/?l=full-disclosure&m=117259225402112&w=2Third Party Advisory
- http://osvdb.org/35913Broken Link
- http://www.securityfocus.com/archive/1/461437/100/0/threaded
FAQ
What is CVE-2007-1256?
CVE-2007-1256 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.locati...
How severe is CVE-2007-1256?
CVE-2007-1256 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1256?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.