CVE-2007-1095
UnknownEPSS 2.19%
Last modified
CVE-2007-1095 is a vulnerability of currently unknown severity. Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.. EPSS estimates a 2.19% chance of exploitation in the next 30 days.
Description
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 2.0.0.7 |
| Mozilla | Firefox | 0.1 |
| Mozilla | Firefox | 0.2 |
| Mozilla | Firefox | 0.3 |
| Mozilla | Firefox | 0.4 |
| Mozilla | Firefox | 0.5 |
| Mozilla | Firefox | 0.6 |
| Mozilla | Firefox | 0.6.1 |
| Mozilla | Firefox | 0.7 |
| Mozilla | Firefox | 0.7.1 |
| Mozilla | Firefox | 0.8 |
| Mozilla | Firefox | 0.9 |
| Mozilla | Firefox | 0.9.1 |
| Mozilla | Firefox | 0.9.2 |
| Mozilla | Firefox | 0.9.3 |
| Mozilla | Firefox | 0.10 |
| Mozilla | Firefox | 0.10.1 |
| Mozilla | Firefox | 1.0 |
| Mozilla | Firefox | 1.0.1 |
| Mozilla | Firefox | 1.0.2 |
| Mozilla | Firefox | 1.0.3 |
| Mozilla | Firefox | 1.0.4 |
| Mozilla | Firefox | 1.0.5 |
| Mozilla | Firefox | 1.0.6 |
| Mozilla | Firefox | 1.0.7 |
| Mozilla | Firefox | 1.0.8 |
| Mozilla | Firefox | 1.4.1 |
| Mozilla | Firefox | 1.5 |
| Mozilla | Firefox | 1.5.0.1 |
| Mozilla | Firefox | 1.5.0.2 |
| Mozilla | Firefox | 1.5.0.3 |
| Mozilla | Firefox | 1.5.0.4 |
| Mozilla | Firefox | 1.5.0.5 |
| Mozilla | Firefox | 1.5.0.6 |
| Mozilla | Firefox | 1.5.0.7 |
| Mozilla | Firefox | 1.5.0.8 |
| Mozilla | Firefox | 1.5.0.9 |
| Mozilla | Firefox | 1.5.0.10 |
| Mozilla | Firefox | 1.5.0.11 |
| Mozilla | Firefox | 1.5.0.12 |
| Mozilla | Firefox | 1.5.1 |
| Mozilla | Firefox | 1.5.2 |
| Mozilla | Firefox | 1.5.3 |
| Mozilla | Firefox | 1.5.4 |
| Mozilla | Firefox | 1.5.5 |
| Mozilla | Firefox | 1.5.6 |
| Mozilla | Firefox | 1.5.7 |
| Mozilla | Firefox | 1.5.8 |
| Mozilla | Firefox | 1.8 |
| Mozilla | Firefox | 2.0 |
Showing 50 of 71 affected configurations. See NVD for the full list.
References
- http://secunia.com/advisories/27276Vendor Advisory
- http://secunia.com/advisories/27298Vendor Advisory
- http://secunia.com/advisories/27311Vendor Advisory
- http://secunia.com/advisories/27315Vendor Advisory
- http://secunia.com/advisories/27325Vendor Advisory
- http://secunia.com/advisories/27327Vendor Advisory
- http://secunia.com/advisories/27335Vendor Advisory
- http://secunia.com/advisories/27336Vendor Advisory
- http://secunia.com/advisories/27356Vendor Advisory
- http://secunia.com/advisories/27360Vendor Advisory
- http://secunia.com/advisories/27383Vendor Advisory
- http://secunia.com/advisories/27387Vendor Advisory
- http://secunia.com/advisories/27403Vendor Advisory
- http://secunia.com/advisories/27414Vendor Advisory
- http://secunia.com/advisories/27425Vendor Advisory
- http://secunia.com/advisories/27480Vendor Advisory
- http://secunia.com/advisories/27665Vendor Advisory
- http://secunia.com/advisories/27680Vendor Advisory
- http://secunia.com/advisories/28398Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0979.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0980.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0981.htmlVendor Advisory
- http://secunia.com/advisories/27276Vendor Advisory
- http://secunia.com/advisories/27298Vendor Advisory
- http://secunia.com/advisories/27311Vendor Advisory
- http://secunia.com/advisories/27315Vendor Advisory
- http://secunia.com/advisories/27325Vendor Advisory
- http://secunia.com/advisories/27327Vendor Advisory
- http://secunia.com/advisories/27335Vendor Advisory
- http://secunia.com/advisories/27336Vendor Advisory
- http://secunia.com/advisories/27356Vendor Advisory
- http://secunia.com/advisories/27360Vendor Advisory
- http://secunia.com/advisories/27383Vendor Advisory
- http://secunia.com/advisories/27387Vendor Advisory
- http://secunia.com/advisories/27403Vendor Advisory
- http://secunia.com/advisories/27414Vendor Advisory
- http://secunia.com/advisories/27425Vendor Advisory
- http://secunia.com/advisories/27480Vendor Advisory
- http://secunia.com/advisories/27665Vendor Advisory
- http://secunia.com/advisories/27680Vendor Advisory
- http://secunia.com/advisories/28398Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0979.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0980.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2007-0981.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-1095?
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
How severe is CVE-2007-1095?
Severity scoring for CVE-2007-1095 is pending analysis. The EPSS model estimates a 2.19% probability of exploitation in the next 30 days.
How do I fix CVE-2007-1095?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2007-1095?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST