Unrated severityNVD Advisory· Published Mar 3, 2007· Updated Apr 23, 2026

CVE-2007-1256

Description

Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.

Affected products

Mozilla Corporation/Firefox3 versions
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvdThird Party Advisory
marc.infonvdThird Party Advisory
osvdb.org/35913nvdBroken Link
www.securityfocus.com/archive/1/461437/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000