Description
The jar protocol handler in Mozilla Firefox before 220.127.116.11 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 16:49:17 2013
CVE page last modified: Fri Oct 7 12:45:39 2022