CVE-2007-1095

NameCVE-2007-1095
DescriptionMozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1392-1, DSA-1396-1, DSA-1401-1, DTSA-69-1, DTSA-80-1
NVD severitymedium
Debian Bugs445514

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesource(unstable)1.1.5
iceapesourceetch1.0.11~pre071022-0etch1DSA-1401-1
iceapesourcelenny1.0.11~pre071022-0etch1+lenny1DTSA-80-1
iceweaselsource(unstable)2.0.0.8-1low445514
iceweaselsourceetch2.0.0.6+2.0.0.8-0etch1DSA-1396-1
xulrunnersource(unstable)1.8.1.9-1
xulrunnersourceetch1.8.0.14~pre071019b-0etch1DSA-1392-1
xulrunnersourcelenny1.8.0.14~pre071019b-0lenny1DTSA-69-1

Notes

MFSA2007-30

Search for package or bug name: Reporting problems