Lucene search

K

[email protected]NVD:CVE-2007-1092

HistoryFeb 26, 2007 - 5:28 p.m.

CVE-2007-1092

2007-02-2617:28:00

[email protected]

web.nvd.nist.gov

7

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.967

Percentile

99.7%

Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.

Affected configurations

Nvd

Node

mozillafirefoxMatch1.5.0.9

OR

mozillafirefoxMatch2.0.0.1

OR

mozillaseamonkeyRange≤1.0.7

VendorProductVersionCPE
mozillafirefox1.5.0.9cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
mozillafirefox2.0.0.1cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

archives.neohapsis.com/archives/fulldisclosure/2007-02/0525.html

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

osvdb.org/32103

secunia.com/advisories/24333

secunia.com/advisories/24343

secunia.com/advisories/24384

secunia.com/advisories/24395

secunia.com/advisories/24457

secunia.com/advisories/24650

securityreason.com/securityalert/2302

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

www.kb.cert.org/vuls/id/393921

www.mandriva.com/security/advisories?name=MDKSA-2007:050

www.mozilla.org/security/announce/2007/mfsa2007-08.html

www.novell.com/linux/security/advisories/2007_22_mozilla.html

www.redhat.com/support/errata/RHSA-2007-0078.html

www.securityfocus.com/archive/1/461024/100/0/threaded

www.securityfocus.com/bid/22679

www.securitytracker.com/id?1017701

www.ubuntu.com/usn/usn-428-1

bugzilla.mozilla.org/show_bug.cgi?id=371321

exchange.xforce.ibmcloud.com/vulnerabilities/32647

exchange.xforce.ibmcloud.com/vulnerabilities/32648

issues.rpath.com/browse/RPL-1103

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11158

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.967

Percentile

99.7%

Related for NVD:CVE-2007-1092

cvelist2 prion2 cert1 mozilla1 securityvulns2 cve2 ubuntucve2 nvd1 freebsd1 openvas12 nessus17 oraclelinux3 redhat3 ubuntu2 centos5 suse2