Lucene search

RedhatCVE-2007-0996

HistoryFeb 27, 2007 - 2:28 a.m.

CVE-2007-0996

2007-02-2702:28:00

redhat

web.nvd.nist.gov

cve-2007-0996

mozilla firefox

seamonkey

xss

utf-7

cross-site scripting

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.105

Percentile

95.0%

JSON

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

Affected configurations

Nvd

Node

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5beta1

mozillafirefoxMatch1.5beta2

mozillafirefoxMatch1.5.0.1

mozillafirefoxMatch1.5.0.2

mozillafirefoxMatch1.5.0.3

mozillafirefoxMatch1.5.0.4

mozillafirefoxMatch1.5.0.5

mozillafirefoxMatch1.5.0.6

mozillafirefoxMatch1.5.0.7

mozillafirefoxMatch1.5.0.8

mozillafirefoxMatch1.5.0.9

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0beta_1

mozillafirefoxMatch2.0rc2

mozillafirefoxMatch2.0rc3

mozillafirefoxMatch2.0.0.1

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0dev

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

VendorProductVersionCPE
mozillafirefox1.5cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
mozillafirefox1.5cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
mozillafirefox1.5cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
mozillafirefox1.5.0.1cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
mozillafirefox1.5.0.2cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
mozillafirefox1.5.0.3cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
mozillafirefox1.5.0.4cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
mozillafirefox1.5.0.5cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
mozillafirefox1.5.0.6cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
mozillafirefox1.5.0.7cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	1.5	cpe:2.3:a:mozilla:firefox:1.5:::::::*
mozilla	firefox	1.5	cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
mozilla	firefox	1.5	cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
mozilla	firefox	1.5.0.1	cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
mozilla	firefox	1.5.0.2	cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
mozilla	firefox	1.5.0.3	cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
mozilla	firefox	1.5.0.4	cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
mozilla	firefox	1.5.0.5	cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
mozilla	firefox	1.5.0.6	cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
mozilla	firefox	1.5.0.7	cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*

Rows per page:

1-10 of 281

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

fedoranews.org/cms/node/2713

fedoranews.org/cms/node/2728

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

osvdb.org/33812

rhn.redhat.com/errata/RHSA-2007-0077.html

secunia.com/advisories/24205

secunia.com/advisories/24287

secunia.com/advisories/24290

secunia.com/advisories/24320

secunia.com/advisories/24328

secunia.com/advisories/24333

secunia.com/advisories/24342

secunia.com/advisories/24343

secunia.com/advisories/24384

secunia.com/advisories/24395

secunia.com/advisories/24455

secunia.com/advisories/24457

secunia.com/advisories/24650

secunia.com/advisories/25588

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

www.debian.org/security/2007/dsa-1336

www.hardened-php.net/advisory_032007.142.html

www.mandriva.com/security/advisories?name=MDKSA-2007:050

www.mozilla.org/security/announce/2007/mfsa2007-02.html

www.novell.com/linux/security/advisories/2007_22_mozilla.html

www.redhat.com/support/errata/RHSA-2007-0078.html

www.redhat.com/support/errata/RHSA-2007-0079.html

www.redhat.com/support/errata/RHSA-2007-0097.html

www.redhat.com/support/errata/RHSA-2007-0108.html

www.securityfocus.com/archive/1/461076/100/0/threaded

www.securityfocus.com/archive/1/461336/100/0/threaded

www.securityfocus.com/bid/22694

www.securitytracker.com/id?1017702

www.ubuntu.com/usn/usn-428-1

www.vupen.com/english/advisories/2007/0718

issues.rpath.com/browse/RPL-1103

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.105

Percentile

95.0%

JSON

Related for CVE-2007-0996