Lucene search

K
mozillaMozilla FoundationMFSA2007-16
HistoryMay 30, 2007 - 12:00 a.m.

XSS using addEventListener — Mozilla

2007-05-3000:00:00
Mozilla Foundation
www.mozilla.org
20

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.368

Percentile

97.2%

Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser’s same-origin policy. This could be used to access or modify private or valuable information from that other site.

Affected configurations

Vulners
Node
mozillafirefoxRange<1.5.0.12
OR
mozillafirefoxRange<2.0.0.4
OR
mozillaseamonkeyRange<1.0.9
OR
mozillaseamonkeyRange<1.1.2
VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.368

Percentile

97.2%