The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of IE: website spoofing via onUnload

Synthesis of the vulnerability 

An attacker can create a HTML page using the onUnload event in order to execute a script to redirect victim to a spoofed site.
Vulnerable systems: Firefox, SeaMonkey.
Severity of this threat: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 23/02/2007.
Références of this weakness: 371360, BID-22688, CVE-2007-1095, CVE-2007-1256, VIGILANCE-VUL-6584.

Description of the vulnerability 

The onUnload Javascript event permits to execute code when user leaves a web page.

An attacker can create a HTML page associating the onUnload event to a script creating a HTML page. This new HTML page contains a script changing the url in the address bar. This new url redirects victim to a malicious website.

This vulnerability thus permits to create a phishing attack.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness alert impacts software or systems such as Firefox, SeaMonkey.

Our Vigil@nce team determined that the severity of this computer vulnerability note is low.

The trust level is of type confirmed by a trusted third party, with an origin of internet server.

This bulletin is about 2 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this security bulletin.

Solutions for this threat 

Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a computer vulnerability note. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.