CVE-2007-0994

2007-03-0600:19:00

CWE-94

redhat

web.nvd.nist.gov

cve-2007-0994

mozilla firefox

seamonkey

regression error

remote attackers

arbitrary javascript

html mail message

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.03

Percentile

91.1%

JSON

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

Affected configurations

Nvd

Node

mozillafirefoxRange1.5–1.5.0.10

mozillafirefoxRange2.0–2.0.0.2

mozillaseamonkeyRange1.0–1.0.8

mozillaseamonkeyRange1.1–1.1.1

Node

debiandebian_linuxMatch3.1

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
debiandebian_linux3.1cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	seamonkey	*	cpe:2.3:a:mozilla:seamonkey::::::::
debian	debian_linux	3.1	cpe:2.3:o:debian:debian_linux:3.1:::::::*