6.3 Medium
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.02 Low
EPSS
Percentile
88.7%
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the “chrome” flag and XML User Interface Language (XUL) files.
CPE | Name | Operator | Version |
---|---|---|---|
mozilla:thunderbird | mozilla thunderbird | le | 0.7 |
mozilla:firefox | mozilla firefox | le | 0.9 |
mozilla:mozilla | mozilla | le | 1.7 |
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
bugzilla.mozilla.org/show_bug.cgi?id=244965
marc.info/?l=bugtraq&m=109900315219363&w=2
secunia.com/advisories/12188
www.kb.cert.org/vuls/id/262350
www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7
www.novell.com/linux/security/advisories/2004_36_mozilla.html
www.redhat.com/support/errata/RHSA-2004-421.html
www.securityfocus.com/bid/10832
www.securityfocus.com/bid/15495
exchange.xforce.ibmcloud.com/vulnerabilities/16837
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419