Lucene search

K

MitreCVE-2007-1092

HistoryFeb 26, 2007 - 5:28 p.m.

CVE-2007-1092

2007-02-2617:28:00

mitre

web.nvd.nist.gov

43

cve-2007-1092

mozilla firefox

seamonkey

remote code execution

javascript

memory corruption

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.967

Percentile

99.7%

Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.

Affected configurations

Nvd

Node

mozillafirefoxMatch1.5.0.9

OR

mozillafirefoxMatch2.0.0.1

OR

mozillaseamonkeyRange≤1.0.7

VendorProductVersionCPE
mozillafirefox1.5.0.9cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
mozillafirefox2.0.0.1cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

archives.neohapsis.com/archives/fulldisclosure/2007-02/0525.html

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

osvdb.org/32103

secunia.com/advisories/24333

secunia.com/advisories/24343

secunia.com/advisories/24384

secunia.com/advisories/24395

secunia.com/advisories/24457

secunia.com/advisories/24650

securityreason.com/securityalert/2302

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

www.kb.cert.org/vuls/id/393921

www.mandriva.com/security/advisories?name=MDKSA-2007:050

www.mozilla.org/security/announce/2007/mfsa2007-08.html

www.novell.com/linux/security/advisories/2007_22_mozilla.html

www.redhat.com/support/errata/RHSA-2007-0078.html

www.securityfocus.com/archive/1/461024/100/0/threaded

www.securityfocus.com/bid/22679

www.securitytracker.com/id?1017701

www.ubuntu.com/usn/usn-428-1

bugzilla.mozilla.org/show_bug.cgi?id=371321

exchange.xforce.ibmcloud.com/vulnerabilities/32647

exchange.xforce.ibmcloud.com/vulnerabilities/32648

issues.rpath.com/browse/RPL-1103

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11158

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.967

Percentile

99.7%

Related for CVE-2007-1092

nvd2 cvelist2 prion2 cert1 mozilla1 securityvulns2 ubuntucve2 cve1 openvas12 nessus17 freebsd1 oraclelinux3 redhat3 ubuntu2 centos5 suse2