Vulnerabilities > CVE-2007-5947 - Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Embedding Scripts in Non-Script Elements This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.
- Embedding Scripts within Scripts An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
- Cross-Site Scripting in Error Pages An attacker distributes a link (or possibly some other query structure) with a request to a third party web server that is malformed and also contains a block of exploit code in order to have the exploit become live code in the resulting error page. When the third party web server receives the crafted request and notes the error it then creates an error message that echoes the malformed message, including the exploit. Doing this converts the exploit portion of the message into to valid language elements that are executed by the viewing browser. When a victim executes the query provided by the attacker the infected error message error message is returned including the exploit code which then runs in the victim's browser. XSS can result in execution of code as well as data leakage (e.g. session cookies can be sent to the attacker). This type of attack is especially dangerous since the exploit appears to come from the third party web server, who the victim may trust and hence be more vulnerable to deception.
- Cross-Site Scripting Using Alternate Syntax The attacker uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the "script" tag using the alternate forms of "Script" or "ScRiPt" may bypass filters where "script" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.
Nessus
NASL family Windows NASL id SEAMONKEY_117.NASL description The installed version of SeaMonkey is affected by various security issues : - Three bugs that can result in crashes with traces of memory corruption - A cross-site scripting vulnerability involving support for the last seen 2020-06-01 modified 2020-06-02 plugin id 28374 published 2007-12-02 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28374 title SeaMonkey < 1.1.7 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(28374); script_version("1.15"); script_cve_id("CVE-2007-5947", "CVE-2007-5959", "CVE-2007-5960"); script_bugtraq_id(26385, 26589, 26593); script_name(english:"SeaMonkey < 1.1.7 Multiple Vulnerabilities"); script_summary(english:"Checks version of SeaMonkey"); script_set_attribute(attribute:"synopsis", value: "A web browser on the remote host is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "The installed version of SeaMonkey is affected by various security issues : - Three bugs that can result in crashes with traces of memory corruption - A cross-site scripting vulnerability involving support for the 'jar:' URI scheme - A timing issue when setting the 'window.location' property that could be leveraged to conduct cross-site request forgery attacks." ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-37/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-38/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-39/" ); script_set_attribute(attribute:"solution", value: "Upgrade to SeaMonkey 1.1.7 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(22, 79); script_set_attribute(attribute:"plugin_publication_date", value: "2007/12/02"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/11/09"); script_cvs_date("Date: 2018/07/27 18:38:15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("SeaMonkey/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item("SMB/transport"); if (!port) port = 445; installs = get_kb_list("SMB/SeaMonkey/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey"); mozilla_check_version(installs:installs, product:'seamonkey', fix:'1.1.7', severity:SECURITY_HOLE);NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-4758.NASL description This update brings Mozilla Firefox to security update version 2.0.0.10 Following security problems were fixed: MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. MFSA 2007-38 / CVE-2007-5959: The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2007-39 / CVE-2007-5960: Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as protection against such attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 28369 published 2007-11-30 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28369 title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4758) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1425.NASL description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5947 Jesse Ruderman and Petko D. Petkov discovered that the URI handler for JAR archives allows cross-site scripting. - CVE-2007-5959 Several crashes in the layout engine were discovered, which might allow the execution of arbitrary code. - CVE-2007-5960 Gregory Fleischer discovered a race condition in the handling of the last seen 2020-06-01 modified 2020-06-02 plugin id 29260 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29260 title Debian DSA-1425-1 : xulrunner - several vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1084.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A cross-site scripting flaw was found in the way SeaMonkey handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running SeaMonkey. (CVE-2007-5947) Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5959) A race condition existed when SeaMonkey set the last seen 2020-06-01 modified 2020-06-02 plugin id 36661 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36661 title CentOS 3 / 4 : seamonkey (CESA-2007:1084) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1424.NASL description Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5947 Jesse Ruderman and Petko D. Petkov discovered that the URI handler for JAR archives allows cross-site scripting. - CVE-2007-5959 Several crashes in the layout engine were discovered, which might allow the execution of arbitrary code. - CVE-2007-5960 Gregory Fleischer discovered a race condition in the handling of the last seen 2020-06-01 modified 2020-06-02 plugin id 29259 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29259 title Debian DSA-1424-1 : iceweasel - several vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-546-1.NASL description It was discovered that Firefox incorrectly associated redirected sites as the origin of last seen 2020-06-01 modified 2020-06-02 plugin id 28358 published 2007-11-29 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28358 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-546-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200712-21.NASL description The remote host is affected by the vulnerability described in GLSA-200712-21 (Mozilla Firefox, SeaMonkey: Multiple vulnerabilities) Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and SeaMonkey does not properly check MIME types (CVE-2007-5947). Gregory Fleischer reported that the window.location property can be used to generate a fake HTTP Referer (CVE-2007-5960). Multiple memory errors have also been reported (CVE-2007-5959). Impact : A remote attacker could possibly exploit these vulnerabilities to execute arbitrary code in the context of the browser and conduct Cross-Site-Scripting or Cross-Site Request Forgery attacks. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 29818 published 2007-12-31 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29818 title GLSA-200712-21 : Mozilla Firefox, SeaMonkey: Multiple vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1083.NASL description Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A cross-site scripting flaw was found in the way Thunderbird handled the jar: URI scheme. It may be possible for a malicious HTML mail message to leverage this flaw, and conduct a cross-site scripting attack against a user running Thunderbird. (CVE-2007-5947) Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2007-5959) A race condition existed when Thunderbird set the last seen 2020-06-01 modified 2020-06-02 plugin id 29750 published 2007-12-24 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29750 title CentOS 4 / 5 : thunderbird (CESA-2007:1083) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1084.NASL description From Red Hat Security Advisory 2007:1084 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A cross-site scripting flaw was found in the way SeaMonkey handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running SeaMonkey. (CVE-2007-5947) Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5959) A race condition existed when SeaMonkey set the last seen 2020-06-01 modified 2020-06-02 plugin id 67617 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67617 title Oracle Linux 3 : seamonkey (ELSA-2007-1084) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-546-2.NASL description USN-546-1 fixed vulnerabilities in Firefox. The upstream update included a faulty patch which caused the drawImage method of the canvas element to fail. This update fixes the problem. We apologize for the inconvenience. It was discovered that Firefox incorrectly associated redirected sites as the origin of last seen 2020-06-01 modified 2020-06-02 plugin id 29236 published 2007-12-07 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29236 title Ubuntu 6.10 / 7.04 / 7.10 : firefox regression (USN-546-2) NASL family SuSE Local Security Checks NASL id SUSE_EPIPHANY-4870.NASL description This update brings the Mozilla XUL runner engine to security update version 1.8.1.10 MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. MFSA 2007-38 / CVE-2007-5959: The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2007-39 / CVE-2007-5960: Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as protection against such attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 29915 published 2008-01-10 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29915 title openSUSE 10 Security Update : epiphany (epiphany-4870) NASL family Windows NASL id MOZILLA_FIREFOX_20010.NASL description The installed version of Firefox is affected by various security issues : - Three bugs that can result in crashes with traces of memory corruption - A cross-site scripting vulnerability involving support for the last seen 2020-06-01 modified 2020-06-02 plugin id 28329 published 2007-11-27 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28329 title Firefox < 2.0.0.10 Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1082.NASL description From Red Hat Security Advisory 2007:1082 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959) A race condition existed when Firefox set the last seen 2020-06-01 modified 2020-06-02 plugin id 67615 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67615 title Oracle Linux 4 / 5 : firefox (ELSA-2007-1082) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1082.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959) A race condition existed when Firefox set the last seen 2020-06-01 modified 2020-06-02 plugin id 37591 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37591 title CentOS 4 : firefox (CESA-2007:1082) NASL family Scientific Linux Local Security Checks NASL id SL_20071126_FIREFOX_ON_SL5_X.NASL description A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959) A race condition existed when Firefox set the last seen 2020-06-01 modified 2020-06-02 plugin id 60314 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60314 title Scientific Linux Security Update : firefox on SL5.x, SL4.x i386/x86_64 NASL family Fedora Local Security Checks NASL id FEDORA_2007-3952.NASL description Updated firefox packages that fix several security issues are now available for Fedora 7. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) Several flaws were found in the way Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959) A race condition existed when Firefox set the last seen 2020-06-01 modified 2020-06-02 plugin id 28345 published 2007-11-29 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28345 title Fedora 7 : Miro-1.0-2.fc7 / blam-1.8.3-10.fc7 / chmsee-1.0.0-1.27.fc7 / devhelp-0.13-12.fc7 / etc (2007-3952) NASL family Scientific Linux Local Security Checks NASL id SL_20071219_THUNDERBIRD_ON_SL5_X.NASL description A cross-site scripting flaw was found in the way Thunderbird handled the jar: URI scheme. It may be possible for a malicious HTML mail message to leverage this flaw, and conduct a cross-site scripting attack against a user running Thunderbird. (CVE-2007-5947) Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2007-5959) A race condition existed when Thunderbird set the last seen 2020-06-01 modified 2020-06-02 plugin id 60338 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60338 title Scientific Linux Security Update : thunderbird on SL5.x, SL4.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_SEAMONKEY-4794.NASL description This update brings Mozilla SeaMonkey to security update version 1.1.7 Following security problems were fixed: MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. MFSA 2007-38 / CVE-2007-5959: The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2007-39 / CVE-2007-5960: Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as protection against such attacks. Also enigmail was upgraded to 0.95.5. last seen 2020-06-01 modified 2020-06-02 plugin id 29695 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29695 title openSUSE 10 Security Update : seamonkey (seamonkey-4794) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-246.NASL description A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.11. This update provides the latest Firefox to correct these issues. As well, it provides Firefox 2.0.0.11 for older products. last seen 2020-06-01 modified 2020-06-02 plugin id 29718 published 2007-12-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29718 title Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:246) NASL family Fedora Local Security Checks NASL id FEDORA_2007-756.NASL description Updated firefox packages that fix several security issues are now available for Fedora Core 6. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) Several flaws were found in the way Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959) A race condition existed when Firefox set the last seen 2020-06-01 modified 2020-06-02 plugin id 29197 published 2007-12-04 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29197 title Fedora Core 6 : firefox-1.5.0.12-7.fc6 (2007-756) NASL family Windows NASL id NETSCAPE_BROWSER_9004.NASL description The installed version of Netscape is affected by various security issues : - Three bugs that can result in crashes with traces of memory corruption - A cross-site scripting vulnerability involving support for the last seen 2020-06-01 modified 2020-06-02 plugin id 28377 published 2007-12-03 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28377 title Netscape Browser < 9.0.0.4 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-4757.NASL description This update brings Mozilla Firefox to security update version 2.0.0.10 Following security problems were fixed: MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. - The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2007-38 / CVE-2007-5959) - Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as protection against such attacks. (MFSA 2007-39 / CVE-2007-5960) last seen 2020-06-01 modified 2020-06-02 plugin id 29363 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29363 title SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 4757) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2007-331-01.NASL description New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28335 published 2007-11-29 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28335 title Slackware 10.2 / 11.0 / 12.0 / current : firefox (SSA:2007-331-01) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2007-333-01.NASL description New seamonkey packages are available for Slackware 11.0, 12.0, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28362 published 2007-11-30 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28362 title Slackware 11.0 / 12.0 / current : seamonkey (SSA:2007-333-01) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1083.NASL description From Red Hat Security Advisory 2007:1083 : Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A cross-site scripting flaw was found in the way Thunderbird handled the jar: URI scheme. It may be possible for a malicious HTML mail message to leverage this flaw, and conduct a cross-site scripting attack against a user running Thunderbird. (CVE-2007-5947) Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2007-5959) A race condition existed when Thunderbird set the last seen 2020-06-01 modified 2020-06-02 plugin id 67616 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67616 title Oracle Linux 4 : thunderbird (ELSA-2007-1083) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1082.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959) A race condition existed when Firefox set the last seen 2020-06-01 modified 2020-06-02 plugin id 28353 published 2007-11-29 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28353 title RHEL 4 / 5 : firefox (RHSA-2007:1082) NASL family SuSE Local Security Checks NASL id SUSE_SEAMONKEY-4795.NASL description This update fixed various security problems in Mozilla SeaMonkey. Following security problems were fixed: MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. MFSA 2007-38 / CVE-2007-5959: The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2007-39 / CVE-2007-5960: Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as protection against such attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 29888 published 2008-01-08 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29888 title openSUSE 10 Security Update : seamonkey (seamonkey-4795) NASL family Fedora Local Security Checks NASL id FEDORA_2007-3962.NASL description Updated firefox packages that fix several security issues are now available for Fedora 8. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) Several flaws were found in the way Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959) A race condition existed when Firefox set the last seen 2020-06-01 modified 2020-06-02 plugin id 28347 published 2007-11-29 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28347 title Fedora 8 : Miro-1.0-2.fc8 / blam-1.8.3-12.fc8 / chmsee-1.0.0-1.27.fc8 / devhelp-0.16.1-4.fc8 / etc (2007-3962) NASL family Fedora Local Security Checks NASL id FEDORA_2007-4098.NASL description - Sun Dec 2 2007 Kai Engert <kengert at redhat.com> - 1.1.7-1 - SeaMonkey 1.1.7 - Mon Nov 5 2007 Kai Engert <kengert at redhat.com> - 1.1.6-1 - SeaMonkey 1.1.6 - Fri Oct 19 2007 Kai Engert <kengert at redhat.com> - 1.1.5-2 - SeaMonkey 1.1.5 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 29266 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29266 title Fedora 8 : seamonkey-1.1.7-1.fc8 (2007-4098) NASL family Scientific Linux Local Security Checks NASL id SL_20071126_SEAMONKEY_ON_SL4_X.NASL description A cross-site scripting flaw was found in the way SeaMonkey handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running SeaMonkey. (CVE-2007-5947) Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5959) A race condition existed when SeaMonkey set the last seen 2020-06-01 modified 2020-06-02 plugin id 60315 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60315 title Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1084.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A cross-site scripting flaw was found in the way SeaMonkey handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running SeaMonkey. (CVE-2007-5947) Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5959) A race condition existed when SeaMonkey set the last seen 2020-06-01 modified 2020-06-02 plugin id 28354 published 2007-11-29 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28354 title RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:1084) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1083.NASL description Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A cross-site scripting flaw was found in the way Thunderbird handled the jar: URI scheme. It may be possible for a malicious HTML mail message to leverage this flaw, and conduct a cross-site scripting attack against a user running Thunderbird. (CVE-2007-5947) Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2007-5959) A race condition existed when Thunderbird set the last seen 2020-06-01 modified 2020-06-02 plugin id 29773 published 2007-12-24 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29773 title RHEL 4 / 5 : thunderbird (RHSA-2007:1083) NASL family Fedora Local Security Checks NASL id FEDORA_2007-4106.NASL description - Sun Dec 2 2007 Kai Engert <kengert at redhat.com> - 1.1.7-1 - SeaMonkey 1.1.7 - Mon Nov 5 2007 Kai Engert <kengert at redhat.com> - 1.1.6-1 - SeaMonkey 1.1.6 - Fri Oct 19 2007 Kai Engert <kengert at redhat.com> - 1.1.5-1 - SeaMonkey 1.1.5 - Fri Jul 27 2007 Martin Stransky <stransky at redhat.com> - 1.1.3-2 - added pango patches - Fri Jul 20 2007 Kai Engert <kengert at redhat.com> - 1.1.3-1 - SeaMonkey 1.1.3 - Thu May 31 2007 Kai Engert <kengert at redhat.com> 1.1.2-1 - SeaMonkey 1.1.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 29267 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29267 title Fedora 7 : seamonkey-1.1.7-1.fc7 (2007-4106)
Oval
| accepted | 2013-04-29T04:22:57.256-04:00 | ||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||
| description | The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. | ||||||||||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:9873 | ||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
| title | The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. | ||||||||||||||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||||||||||
| rpms |
|
References
- http://browser.netscape.com/releasenotes/
- http://bugs.gentoo.org/show_bug.cgi?id=198965
- http://bugs.gentoo.org/show_bug.cgi?id=200909
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
- http://secunia.com/advisories/27605
- http://secunia.com/advisories/27793
- http://secunia.com/advisories/27796
- http://secunia.com/advisories/27797
- http://secunia.com/advisories/27800
- http://secunia.com/advisories/27816
- http://secunia.com/advisories/27838
- http://secunia.com/advisories/27845
- http://secunia.com/advisories/27855
- http://secunia.com/advisories/27944
- http://secunia.com/advisories/27955
- http://secunia.com/advisories/27957
- http://secunia.com/advisories/27979
- http://secunia.com/advisories/28001
- http://secunia.com/advisories/28016
- http://secunia.com/advisories/28171
- http://secunia.com/advisories/28277
- http://secunia.com/advisories/28398
- http://secunia.com/advisories/29164
- http://security.gentoo.org/glsa/glsa-200712-21.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
- http://wiki.rpath.com/Advisories:rPSA-2008-0093
- http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
- http://www.debian.org/security/2007/dsa-1424
- http://www.debian.org/security/2007/dsa-1425
- http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues
- http://www.kb.cert.org/vuls/id/715737
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:246
- http://www.mozilla.org/security/announce/2007/mfsa2007-37.html
- http://www.redhat.com/support/errata/RHSA-2007-1082.html
- http://www.redhat.com/support/errata/RHSA-2007-1083.html
- http://www.redhat.com/support/errata/RHSA-2007-1084.html
- http://www.securityfocus.com/archive/1/488002/100/0/threaded
- http://www.securityfocus.com/archive/1/488971/100/0/threaded
- http://www.securityfocus.com/bid/26385
- http://www.securitytracker.com/id?1018928
- http://www.ubuntu.com/usn/usn-546-2
- http://www.vupen.com/english/advisories/2007/3818
- http://www.vupen.com/english/advisories/2007/4002
- http://www.vupen.com/english/advisories/2007/4018
- http://www.vupen.com/english/advisories/2008/0083
- http://www.vupen.com/english/advisories/2008/0643
- https://bugzilla.mozilla.org/show_bug.cgi?id=369814
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38356
- https://issues.rpath.com/browse/RPL-1984
- https://issues.rpath.com/browse/RPL-1995
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9873
- https://usn.ubuntu.com/546-1/
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html