mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
973 B
973 B
CVE-2007-5947
Description
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.
POC
Reference
- http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues
- http://www.mozilla.org/security/announce/2007/mfsa2007-37.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9873
Github
No PoCs found on GitHub currently.