Mozilla Firefox Jar URI Cross-Site Scripting
Publish date: 21 de julio de 2015
Gravedad: Medio
Identificadores de CVE : CVE-2007-5947
Fecha recomendada: 21 de julio de 2015
Descripción
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1001178
Trend Micro Deep Security DPI Rule Name: 1001178 - Mozilla Firefox Jar URI Cross-Site Scripting
Software y versión afectados
- Mozilla Firefox 2.0.0.10
- Mozilla Seamonkey 1.1.7