NVD脆弱性詳細

CVE-2007-1095

概要	Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
公表日	2007年2月27日2:28
登録日	2021年1月29日14:07
最終更新日	2018年10月17日1:36

CVSS2.0 : MEDIUM
スコア	6.8
ベクター	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	はい
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox:0.1:::::::*
cpe:2.3:a:mozilla:firefox:0.2:::::::*
cpe:2.3:a:mozilla:firefox:0.3:::::::*
cpe:2.3:a:mozilla:firefox:0.4:::::::*
cpe:2.3:a:mozilla:firefox:0.5:::::::*
cpe:2.3:a:mozilla:firefox:0.6:::::::*
cpe:2.3:a:mozilla:firefox:0.6.1:::::::*
cpe:2.3:a:mozilla:firefox:0.7:::::::*
cpe:2.3:a:mozilla:firefox:0.7.1:::::::*
cpe:2.3:a:mozilla:firefox:0.8:::::::*
cpe:2.3:a:mozilla:firefox:0.9:::::::*
cpe:2.3:a:mozilla:firefox:0.9:rc::::::
cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
cpe:2.3:a:mozilla:firefox:0.10:::::::*
cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0:preview_release::::::
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.0.8:::::::*
cpe:2.3:a:mozilla:firefox:1.4.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::*
cpe:2.3:a:mozilla:firefox:1.5.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5.8:::::::*
cpe:2.3:a:mozilla:firefox:1.8:::::::*
cpe:2.3:a:mozilla:firefox:2.0:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.6:::::::*
cpe:2.3:a:mozilla:firefox::::::::		2.0.0.7

構成2	以上	以下	より上	未満
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*
cpe:2.3:a:mozilla:seamonkey::::::::		1.1.4

関連情報、対策とツール

No	URL	refsource	タグ
1	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	HP
2	http://lcamtuf.coredump.cx/ietrap/ff/	MISC
3	http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html	FULLDISC
4	http://osvdb.org/33809	OSVDB
5	http://secunia.com/advisories/27276	SECUNIA	Vendor Advisory
6	http://secunia.com/advisories/27298	SECUNIA	Vendor Advisory
7	http://secunia.com/advisories/27311	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/27315	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/27325	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/27327	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/27335	SECUNIA	Vendor Advisory
12	http://secunia.com/advisories/27336	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/27356	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/27360	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/27383	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/27387	SECUNIA	Vendor Advisory
17	http://secunia.com/advisories/27403	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/27414	SECUNIA	Vendor Advisory
19	http://secunia.com/advisories/27425	SECUNIA	Vendor Advisory
20	http://secunia.com/advisories/27480	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/27665	SECUNIA	Vendor Advisory
22	http://secunia.com/advisories/27680	SECUNIA	Vendor Advisory
23	http://secunia.com/advisories/28398	SECUNIA	Vendor Advisory
24	http://securityreason.com/securityalert/2310	SREASON
25	http://securitytracker.com/id?1018837	SECTRACK
26	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1	SUNALERT
27	http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html	CONFIRM
28	http://www.debian.org/security/2007/dsa-1392	DEBIAN
29	http://www.debian.org/security/2007/dsa-1396	DEBIAN
30	http://www.debian.org/security/2007/dsa-1401	DEBIAN
31	http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml	GENTOO
32	http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202	MANDRIVA
33	http://www.mozilla.org/security/announce/2007/mfsa2007-30.html	CONFIRM
34	http://www.novell.com/linux/security/advisories/2007_57_mozilla.html	SUSE
35	http://www.redhat.com/support/errata/RHSA-2007-0979.html	REDHAT	Vendor Advisory
36	http://www.redhat.com/support/errata/RHSA-2007-0980.html	REDHAT	Vendor Advisory
37	http://www.redhat.com/support/errata/RHSA-2007-0981.html	REDHAT	Vendor Advisory
38	http://www.securityfocus.com/archive/1/461007/100/0/threaded	BUGTRAQ
39	http://www.securityfocus.com/archive/1/461023/100/0/threaded	BUGTRAQ
40	http://www.securityfocus.com/archive/1/482876/100/200/threaded	BUGTRAQ
41	http://www.securityfocus.com/archive/1/482925/100/0/threaded	BUGTRAQ
42	http://www.securityfocus.com/archive/1/482932/100/200/threaded	BUGTRAQ
43	http://www.securityfocus.com/bid/22688	BID
44	http://www.ubuntu.com/usn/usn-536-1	UBUNTU
45	http://www.vupen.com/english/advisories/2007/3544	VUPEN
46	http://www.vupen.com/english/advisories/2007/3587	VUPEN
47	http://www.vupen.com/english/advisories/2008/0083	VUPEN
48	https://bugzilla.mozilla.org/show_bug.cgi?id=371360	MISC
49	https://exchange.xforce.ibmcloud.com/vulnerabilities/32647	XF
50	https://exchange.xforce.ibmcloud.com/vulnerabilities/32649	XF
51	https://issues.rpath.com/browse/RPL-1858	CONFIRM
52	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11665	OVAL
53	https://usn.ubuntu.com/535-1/	UBUNTU
54	https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html	FEDORA
55	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html	FEDORA
56	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html	FEDORA

共通脆弱性一覧

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox:0.1:::::::*
cpe:2.3:a:mozilla:firefox:0.2:::::::*
cpe:2.3:a:mozilla:firefox:0.3:::::::*
cpe:2.3:a:mozilla:firefox:0.4:::::::*
cpe:2.3:a:mozilla:firefox:0.5:::::::*
cpe:2.3:a:mozilla:firefox:0.6:::::::*
cpe:2.3:a:mozilla:firefox:0.6.1:::::::*
cpe:2.3:a:mozilla:firefox:0.7:::::::*
cpe:2.3:a:mozilla:firefox:0.7.1:::::::*
cpe:2.3:a:mozilla:firefox:0.8:::::::*
cpe:2.3:a:mozilla:firefox:0.9:::::::*
cpe:2.3:a:mozilla:firefox:0.9:rc::::::
cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
cpe:2.3:a:mozilla:firefox:0.10:::::::*
cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0:preview_release::::::
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.0.8:::::::*
cpe:2.3:a:mozilla:firefox:1.4.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::*
cpe:2.3:a:mozilla:firefox:1.5.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5.8:::::::*
cpe:2.3:a:mozilla:firefox:1.8:::::::*
cpe:2.3:a:mozilla:firefox:2.0:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.6:::::::*
cpe:2.3:a:mozilla:firefox::::::::		2.0.0.7

構成2	以上	以下	より上	未満
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*
cpe:2.3:a:mozilla:seamonkey::::::::		1.1.4