Lucene search

[email protected]NVD:CVE-2007-0995

HistoryFeb 26, 2007 - 7:28 p.m.

CVE-2007-0995

2007-02-2619:28:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.219

Percentile

96.5%

JSON

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

Affected configurations

Nvd

Node

mozillafirefoxMatch1.5.0.10

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0.0.1

mozillaseamonkeyRange≤1.0.7

VendorProductVersionCPE
mozillafirefox1.5.0.10cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
mozillafirefox2.0cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
mozillafirefox2.0.0.1cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	1.5.0.10	cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*
mozilla	firefox	2.0	cpe:2.3:a:mozilla:firefox:2.0:::::::*
mozilla	firefox	2.0.0.1	cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
mozilla	seamonkey	*	cpe:2.3:a:mozilla:seamonkey::::::::

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

fedoranews.org/cms/node/2713

fedoranews.org/cms/node/2728

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2

lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

osvdb.org/32112

rhn.redhat.com/errata/RHSA-2007-0077.html

secunia.com/advisories/24205

secunia.com/advisories/24238

secunia.com/advisories/24287

secunia.com/advisories/24290

secunia.com/advisories/24293

secunia.com/advisories/24320

secunia.com/advisories/24328

secunia.com/advisories/24333

secunia.com/advisories/24342

secunia.com/advisories/24343

secunia.com/advisories/24384

secunia.com/advisories/24393

secunia.com/advisories/24395

secunia.com/advisories/24437

secunia.com/advisories/24455

secunia.com/advisories/24457

secunia.com/advisories/24650

secunia.com/advisories/25588

security.gentoo.org/glsa/glsa-200703-04.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

www.debian.org/security/2007/dsa-1336

www.gentoo.org/security/en/glsa/glsa-200703-08.xml

www.mandriva.com/security/advisories?name=MDKSA-2007:050

www.mozilla.org/security/announce/2007/mfsa2007-02.html

www.novell.com/linux/security/advisories/2007_22_mozilla.html

www.osvdb.org/32111

www.redhat.com/support/errata/RHSA-2007-0078.html

www.redhat.com/support/errata/RHSA-2007-0079.html

www.redhat.com/support/errata/RHSA-2007-0097.html

www.redhat.com/support/errata/RHSA-2007-0108.html

www.securityfocus.com/archive/1/461336/100/0/threaded

www.securityfocus.com/archive/1/461809/100/0/threaded

www.securityfocus.com/bid/22694

www.securitytracker.com/id?1017702

www.ubuntu.com/usn/usn-428-1

www.vupen.com/english/advisories/2007/0718

www.vupen.com/english/advisories/2008/0083

issues.rpath.com/browse/RPL-1081

issues.rpath.com/browse/RPL-1103

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.219

Percentile

96.5%

JSON

Related for NVD:CVE-2007-0995

prion1 cve1 cvelist1 veracode1 ubuntucve1 jvn1 securityvulns2 mozilla1 openvas22 osv1 nessus30 debian1 gentoo2 redhat5 freebsd1 centos5 ubuntu2 oraclelinux3 suse2