CVE-2007-1256: Buffer Overflow
First published: Sat Mar 03 2007(Updated: )
Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =2.0 | |
| Firefox | =2.0.0.1 | |
| Firefox | =2.0.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-1256?
CVE-2007-1256 is classified as a medium severity vulnerability.
How do I fix CVE-2007-1256?
To mitigate CVE-2007-1256, users should upgrade to a version of Mozilla Firefox that is newer than 2.0.0.2.
What exploit methods are used in CVE-2007-1256?
CVE-2007-1256 can be exploited by attackers to spoof the address bar and favicons through the misuse of document.location in the onunload attribute.
What versions of Mozilla Firefox are affected by CVE-2007-1256?
CVE-2007-1256 affects Mozilla Firefox versions 2.0, 2.0.0.1, and 2.0.0.2.
Is user interaction required to exploit CVE-2007-1256?
Yes, user interaction is typically required to trigger the exploit of CVE-2007-1256.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- vendor/mozilla
- canonical/firefox
- version/firefox/2.0
- version/firefox/2.0.0.1
- version/firefox/2.0.0.2