{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070227 RE: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=117259225402112&w=2"}, {"name": "20070227 Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=117258301222007&w=2"}, {"name": "20070227 Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/461437/100/0/threaded"}, {"name": "35913", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35913"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1256", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070227 RE: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure&m=117259225402112&w=2"}, {"name": "20070227 Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure&m=117258301222007&w=2"}, {"name": "20070227 Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461437/100/0/threaded"}, {"name": "35913", "refsource": "OSVDB", "url": "http://osvdb.org/35913"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:50:35.092Z"}, "title": "CVE Program Container", "references": [{"name": "20070227 RE: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://marc.info/?l=full-disclosure&m=117259225402112&w=2"}, {"name": "20070227 Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://marc.info/?l=full-disclosure&m=117258301222007&w=2"}, {"name": "20070227 Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/461437/100/0/threaded"}, {"name": "35913", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35913"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1256", "datePublished": "2007-03-03T20:00:00", "dateReserved": "2007-03-03T00:00:00", "dateUpdated": "2024-08-07T12:50:35.092Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3D956DC-C73B-439F-8D79-8239207CC76F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57E2C7E7-56C0-466C-BB08-5EB43922C4F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092."}, {"lang": "es", "value": "Mozilla Firefox 2.0.0.2 permite a atacantes remotos parodiar la barra de direcciones, iconos favoritos (favicons), y c\u00f3digo fuente, y realizar actualizaciones en el contexto de sitios web de su elecci\u00f3n, al poner repetidamente document.location en el atributo onunload cuando se enlaza otro sitio web, una variante de CVE-2007-1092."}], "id": "CVE-2007-1256", "lastModified": "2024-11-21T00:27:53.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-03-03T20:19:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=full-disclosure&m=117258301222007&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=full-disclosure&m=117259225402112&w=2"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://osvdb.org/35913"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461437/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=full-disclosure&m=117258301222007&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=full-disclosure&m=117259225402112&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://osvdb.org/35913"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/461437/100/0/threaded"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}