Firefox prior to 1.0.4 and Mozilla Suite prior to 1.7.8 does not properly implement certain security checks for script injection, which allows remote malicious users to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 0.9.2 |
||
mozilla firefox 0.9.3 |
||
mozilla mozilla 1.5.1 |
||
mozilla mozilla 1.5 |
||
mozilla mozilla 1.7.1 |
||
mozilla mozilla 1.7.2 |
||
mozilla mozilla 1.7 |
||
mozilla firefox 0.10.1 |
||
mozilla firefox 0.8 |
||
mozilla firefox 1.0.2 |
||
mozilla firefox 1.0.3 |
||
mozilla mozilla 1.6 |
||
mozilla mozilla 1.7.6 |
||
mozilla mozilla 1.7.7 |
||
mozilla firefox 0.9 |
||
mozilla firefox 0.9.1 |
||
mozilla mozilla 1.4.1 |
||
mozilla firefox 0.10 |
||
mozilla firefox 1.0 |
||
mozilla firefox 1.0.1 |
||
mozilla mozilla 1.7.3 |
||
mozilla mozilla 1.7.5 |
||
mozilla mozilla |