CVE-2007-1256

Mozilla Firefox 2.0.0.2 - Address Bar Spoofing via Document Location Manipulation

Title source: llm
STIX 2.1

Description

Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.

References (4)

Core 4
Core References
Third Party Advisory mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=117259225402112&w=2
Third Party Advisory mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=117258301222007&w=2
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/461437/100/0/threaded
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/35913

Scores

EPSS 0.0101
EPSS Percentile 59.3%

Details

CWE
CWE-119
Status published
Products (3)
mozilla/firefox 2.0
mozilla/firefox 2.0.0.1
mozilla/firefox 2.0.0.2
Published Mar 03, 2007
Tracked Since Feb 18, 2026