Lucene search

[email protected]NVD:CVE-2007-3736

HistoryJul 18, 2007 - 5:30 p.m.

CVE-2007-3736

2007-07-1817:30:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.491

Percentile

97.5%

JSON

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script “into another site’s context” via a “timing issue” involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.

Affected configurations

Nvd

Node

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

mozillafirefoxMatch2.0.0.4

References

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt

ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

secunia.com/advisories/25589

secunia.com/advisories/26072

secunia.com/advisories/26095

secunia.com/advisories/26103

secunia.com/advisories/26106

secunia.com/advisories/26107

secunia.com/advisories/26149

secunia.com/advisories/26151

secunia.com/advisories/26159

secunia.com/advisories/26179

secunia.com/advisories/26204

secunia.com/advisories/26205

secunia.com/advisories/26211

secunia.com/advisories/26216

secunia.com/advisories/26258

secunia.com/advisories/26271

secunia.com/advisories/26460

secunia.com/advisories/28135

sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1

sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html

www.debian.org/security/2007/dsa-1337

www.debian.org/security/2007/dsa-1338

www.debian.org/security/2007/dsa-1339

www.gentoo.org/security/en/glsa/glsa-200708-09.xml

www.mandriva.com/security/advisories?name=MDKSA-2007:152

www.mozilla.org/security/announce/2007/mfsa2007-19.html

www.novell.com/linux/security/advisories/2007_49_mozilla.html

www.redhat.com/support/errata/RHSA-2007-0722.html

www.redhat.com/support/errata/RHSA-2007-0723.html

www.redhat.com/support/errata/RHSA-2007-0724.html

www.securityfocus.com/archive/1/474226/100/0/threaded

www.securityfocus.com/archive/1/474542/100/0/threaded

www.securityfocus.com/bid/24946

www.securitytracker.com/id?1018410

www.ubuntu.com/usn/usn-490-1

www.vupen.com/english/advisories/2007/2564

www.vupen.com/english/advisories/2007/4256

exchange.xforce.ibmcloud.com/vulnerabilities/35462

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11749

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.491

Percentile

97.5%

JSON

Related for NVD:CVE-2007-3736

securityvulns2 cve2 cvelist2 ubuntucve2 veracode1 prion2 mozilla1 nvd1 seebug1 oraclelinux3 centos4 openvas37 nessus36 fedora10 redhat3 osv3 debian3 ubuntu1 gentoo1 suse2