Lucene search

K

[email protected]NVD:CVE-2007-0994

HistoryMar 06, 2007 - 12:19 a.m.

CVE-2007-0994

2007-03-0600:19:00

CWE-94

[email protected]

web.nvd.nist.gov

3

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.03

Percentile

91.1%

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

Affected configurations

Nvd

Node

mozillafirefoxRange1.5–1.5.0.10

OR

mozillafirefoxRange2.0–2.0.0.2

OR

mozillaseamonkeyRange1.0–1.0.8

OR

mozillaseamonkeyRange1.1–1.1.1

Node

debiandebian_linuxMatch3.1

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
debiandebian_linux3.1cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

secunia.com/advisories/24384

secunia.com/advisories/24395

secunia.com/advisories/24455

secunia.com/advisories/24457

secunia.com/advisories/24650

secunia.com/advisories/25588

securitytracker.com/id?1017726

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

www.debian.org/security/2007/dsa-1336

www.mozilla.org/security/announce/2007/mfsa2007-09.html

www.novell.com/linux/security/advisories/2007_22_mozilla.html

www.redhat.com/support/errata/RHSA-2007-0078.html

www.redhat.com/support/errata/RHSA-2007-0097.html

www.securityfocus.com/bid/22826

www.vupen.com/english/advisories/2007/0823

issues.rpath.com/browse/RPL-1103

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9749

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.03

Percentile

91.1%

Related for NVD:CVE-2007-0994

ubuntucve1 cve1 mozilla1 cvelist1 prion1 securityvulns2 osv1 openvas4 nessus16 debian1 redhat3 suse2 centos4 oraclelinux2