Mozilla Firefox Jar URI Cross-Site Scripting
Data de publicação: 21 julho 2015
Schweregrad: : Medium
Identificador(es) CVE: : CVE-2007-5947
Data do informe: 21 julho 2015
Descrição
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1001178
Trend Micro Deep Security DPI Rule Name: 1001178 - Mozilla Firefox Jar URI Cross-Site Scripting
Software infectado e versão:
- Mozilla Firefox 2.0.0.10
- Mozilla Seamonkey 1.1.7