CVE-2007-5947

N/A Unknown
Published: November 14, 2007 Modified: April 23, 2026
View on NVD

Description

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://browser.netscape.com/releasenotes/
Source: cve@mitre.org
http://bugs.gentoo.org/show_bug.cgi?id=198965
Source: cve@mitre.org
http://bugs.gentoo.org/show_bug.cgi?id=200909
Source: cve@mitre.org
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
Source: cve@mitre.org
http://secunia.com/advisories/27605
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/27793
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/27796
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/27797
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/27800
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/27816
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/27838
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/27845
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/27855
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/27944
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/27955
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/27957
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/27979
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/28001
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/28016
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/28171
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/28277
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/28398
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/29164
Source: cve@mitre.org
http://security.gentoo.org/glsa/glsa-200712-21.xml
Source: cve@mitre.org
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
Source: cve@mitre.org
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833
Source: cve@mitre.org
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
Source: cve@mitre.org
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
Source: cve@mitre.org
http://wiki.rpath.com/Advisories:rPSA-2008-0093
Source: cve@mitre.org
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
Source: cve@mitre.org
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
Source: cve@mitre.org
http://www.debian.org/security/2007/dsa-1424
Source: cve@mitre.org
http://www.debian.org/security/2007/dsa-1425
Source: cve@mitre.org
http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues
Source: cve@mitre.org
http://www.kb.cert.org/vuls/id/715737
Source: cve@mitre.org
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:246
Source: cve@mitre.org
http://www.mozilla.org/security/announce/2007/mfsa2007-37.html
Source: cve@mitre.org
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-1082.html
Source: cve@mitre.org
http://www.redhat.com/support/errata/RHSA-2007-1083.html
Source: cve@mitre.org
http://www.redhat.com/support/errata/RHSA-2007-1084.html
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/488002/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/488971/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/bid/26385
Source: cve@mitre.org
http://www.securitytracker.com/id?1018928
Source: cve@mitre.org
http://www.ubuntu.com/usn/usn-546-2
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2007/3818
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2007/4002
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2007/4018
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2008/0083
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2008/0643
Source: cve@mitre.org
https://bugzilla.mozilla.org/show_bug.cgi?id=369814
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/38356
Source: cve@mitre.org
https://issues.rpath.com/browse/RPL-1984
Source: cve@mitre.org
https://issues.rpath.com/browse/RPL-1995
Source: cve@mitre.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9873
Source: cve@mitre.org
https://usn.ubuntu.com/546-1/
Source: cve@mitre.org
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html
Source: cve@mitre.org
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
Source: cve@mitre.org
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html
Source: cve@mitre.org
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html
Source: cve@mitre.org
http://browser.netscape.com/releasenotes/
Source: af854a3a-2127-422b-91ae-364da2661108
http://bugs.gentoo.org/show_bug.cgi?id=198965
Source: af854a3a-2127-422b-91ae-364da2661108
http://bugs.gentoo.org/show_bug.cgi?id=200909
Source: af854a3a-2127-422b-91ae-364da2661108
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/27605
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27793
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27796
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27797
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27800
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27816
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27838
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27845
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27855
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27944
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27955
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27957
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27979
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28001
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28016
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28171
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28277
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28398
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29164
Source: af854a3a-2127-422b-91ae-364da2661108
http://security.gentoo.org/glsa/glsa-200712-21.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
Source: af854a3a-2127-422b-91ae-364da2661108
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/Advisories:rPSA-2008-0093
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2007/dsa-1424
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2007/dsa-1425
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.kb.cert.org/vuls/id/715737
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:246
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mozilla.org/security/announce/2007/mfsa2007-37.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-1082.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2007-1083.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2007-1084.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/488002/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/488971/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/26385
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1018928
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-546-2
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/3818
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/4002
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/4018
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/0083
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/0643
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.mozilla.org/show_bug.cgi?id=369814
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/38356
Source: af854a3a-2127-422b-91ae-364da2661108
https://issues.rpath.com/browse/RPL-1984
Source: af854a3a-2127-422b-91ae-364da2661108
https://issues.rpath.com/browse/RPL-1995
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9873
Source: af854a3a-2127-422b-91ae-364da2661108
https://usn.ubuntu.com/546-1/
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html
Source: af854a3a-2127-422b-91ae-364da2661108

122 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
2.7%
84th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79

Affected Vendors

mozilla

Related CVEs

CVE-2026-9699 6.8
CVE-2026-57667 8.5
CVE-2026-57665 5.3
CVE-2026-57664 4.3
CVE-2026-57663 8.5