CVE-2007-0994
N/A
N/A
Summary
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.redhat.com/support/errata/RHSA-2007-0078.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9749
- http://secunia.com/advisories/24395
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
- http://secunia.com/advisories/24384
- http://secunia.com/advisories/24457
- http://www.debian.org/security/2007/dsa-1336
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://secunia.com/advisories/24650
- http://www.mozilla.org/security/announce/2007/mfsa2007-09.html
- http://secunia.com/advisories/25588
- https://issues.rpath.com/browse/RPL-1103
- http://securitytracker.com/id?1017726
- http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
- http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
- http://www.vupen.com/english/advisories/2007/0823
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://www.redhat.com/support/errata/RHSA-2007-0097.html
- ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
- http://secunia.com/advisories/24455
- ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
- http://www.securityfocus.com/bid/22826
References
- http://www.redhat.com/support/errata/RHSA-2007-0078.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9749
- http://secunia.com/advisories/24395
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
- http://secunia.com/advisories/24384
- http://secunia.com/advisories/24457
- http://www.debian.org/security/2007/dsa-1336
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://secunia.com/advisories/24650
- http://www.mozilla.org/security/announce/2007/mfsa2007-09.html
- http://secunia.com/advisories/25588
- https://issues.rpath.com/browse/RPL-1103
- http://securitytracker.com/id?1017726
- http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
- http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
- http://www.vupen.com/english/advisories/2007/0823
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://www.redhat.com/support/errata/RHSA-2007-0097.html
- ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
- http://secunia.com/advisories/24455
- ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
- http://www.securityfocus.com/bid/22826
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.