[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-0994Date: (C)2007-03-05   (M)2023-12-22


A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1017726
20070202-01-P
20070301-01-P
BID-22826
SECUNIA-24384
SECUNIA-24395
SECUNIA-24455
SECUNIA-24457
SECUNIA-24650
SECUNIA-25588
ADV-2007-0823
DSA-1336
RHSA-2007:0078
RHSA-2007:0097
SSA:2007-066-03
SSA:2007-066-05
SSRT061181
SUSE-SA:2007:019
SUSE-SA:2007:022
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733
http://www.mozilla.org/security/announce/2007/mfsa2007-09.html
https://issues.rpath.com/browse/RPL-1103
oval:org.mitre.oval:def:9749

CPE    3
cpe:/a:mozilla:seamonkey
cpe:/o:debian:debian_linux:3.1
cpe:/a:mozilla:firefox
CWE    1
CWE-94

© SecPod Technologies