CVE-2007-5947

Publication date 14 November 2007

Last updated 24 July 2024


Ubuntu priority

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.

Status

Package Ubuntu Release Status
firefox 7.10 gutsy
Fixed 2.0.0.10+2nobinonly-0ubuntu1.7.10.1
7.04 feisty
Fixed 2.0.0.10+1nobinonly-0ubuntu1
6.10 edgy
Fixed 2.0.0.10+0nobinonly-0ubuntu0.6.10
6.06 LTS dapper
Fixed 1.5.dfsg+1.5.0.14~prepatch071125a-0ubuntu1

References

Related Ubuntu Security Notices (USN)

    • USN-546-1
    • Firefox vulnerabilities
    • 26 November 2007

Other references