CVE-2007-5947

Impact:
Moderate
Public Date:
2007-02-08
CWE:
CWE-79
Bugzilla:
394211: CVE-2007-5947 Mozilla jar: protocol XSS

The MITRE CVE dictionary describes this issue as:

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.

Find out more about CVE-2007-5947 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Extended Update Support 4.5 (firefox) RHSA-2007:1082 2007-11-26
Red Hat Enterprise Linux 3 (seamonkey) RHSA-2007:1084 2007-11-26
Red Hat Enterprise Linux 2.1 (seamonkey) RHSA-2007:1084 2007-11-26
Red Hat Enterprise Linux Extended Update Support 4.5 (seamonkey) RHSA-2007:1084 2007-11-26
Red Hat Enterprise Linux 5 (thunderbird) RHSA-2007:1083 2007-12-19
Red Hat Enterprise Linux 5 (firefox) RHSA-2007:1082 2007-11-26
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (thunderbird) RHSA-2007:1083 2007-12-19
Red Hat Enterprise Linux 4 (firefox) RHSA-2007:1082 2007-11-26
Red Hat Enterprise Linux 4 (thunderbird) RHSA-2007:1083 2007-12-19
Red Hat Enterprise Linux 4 (seamonkey) RHSA-2007:1084 2007-11-26

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.