[Bug 238616] New: CVE-2007-2381: MochiKit javascript hijacking vulnerability
bugzilla at redhat.com
bugzilla at redhat.com
Tue May 1 20:19:08 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238616
Summary: CVE-2007-2381: MochiKit javascript hijacking
vulnerability
Product: Fedora Extras
Version: fc6
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2381
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: MochiKit
AssignedTo: icon at fedoraproject.org
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2381
"The MochiKit framework exchanges data using JavaScript Object Notation (JSON)
without an associated protection scheme, which allows remote attackers to obtain
the data via a web page that retrieves the data through a URL in the SRC
attribute of a SCRIPT element and captures the data using other JavaScript code,
aka "JavaScript Hijacking.""
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the security
mailing list