Lucene search

[email protected]CVE-2007-0995

HistoryFeb 26, 2007 - 7:28 p.m.

CVE-2007-0995

2007-02-2619:28:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-0995

firefox

seamonkey

html attribute

bypass

content filter

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.161 Low

EPSS

Percentile

95.9%

JSON

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

CPENameOperatorVersion
mozilla:seamonkeymozilla seamonkeyle1.0.7
mozilla:firefoxmozilla firefoxeq1.5.0.10
mozilla:firefoxmozilla firefoxeq2.0
mozilla:firefoxmozilla firefoxeq2.0.0.1

CPE	Name	Operator	Version
mozilla:seamonkey	mozilla seamonkey	le	1.0.7
mozilla:firefox	mozilla firefox	eq	1.5.0.10
mozilla:firefox	mozilla firefox	eq	2.0
mozilla:firefox	mozilla firefox	eq	2.0.0.1

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

fedoranews.org/cms/node/2713

fedoranews.org/cms/node/2728

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2

lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

osvdb.org/32112

rhn.redhat.com/errata/RHSA-2007-0077.html

secunia.com/advisories/24205

secunia.com/advisories/24238

secunia.com/advisories/24287

secunia.com/advisories/24290

secunia.com/advisories/24293

secunia.com/advisories/24320

secunia.com/advisories/24328

secunia.com/advisories/24333

secunia.com/advisories/24342

secunia.com/advisories/24343

secunia.com/advisories/24384

secunia.com/advisories/24393

secunia.com/advisories/24395

secunia.com/advisories/24437

secunia.com/advisories/24455

secunia.com/advisories/24457

secunia.com/advisories/24650

secunia.com/advisories/25588

security.gentoo.org/glsa/glsa-200703-04.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

www.debian.org/security/2007/dsa-1336

www.gentoo.org/security/en/glsa/glsa-200703-08.xml

www.mandriva.com/security/advisories?name=MDKSA-2007:050

www.mozilla.org/security/announce/2007/mfsa2007-02.html

www.novell.com/linux/security/advisories/2007_22_mozilla.html

www.osvdb.org/32111

www.redhat.com/support/errata/RHSA-2007-0078.html

www.redhat.com/support/errata/RHSA-2007-0079.html

www.redhat.com/support/errata/RHSA-2007-0097.html

www.redhat.com/support/errata/RHSA-2007-0108.html

www.securityfocus.com/archive/1/461336/100/0/threaded

www.securityfocus.com/archive/1/461809/100/0/threaded

www.securityfocus.com/bid/22694

www.securitytracker.com/id?1017702

www.ubuntu.com/usn/usn-428-1

www.vupen.com/english/advisories/2007/0718

www.vupen.com/english/advisories/2008/0083

issues.rpath.com/browse/RPL-1081

issues.rpath.com/browse/RPL-1103

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.161 Low

EPSS

Percentile

95.9%

JSON

Related for CVE-2007-0995

prion1 veracode1 ubuntucve1 jvn1 securityvulns2 mozilla1 openvas22 osv1 gentoo2 nessus30 debian1 freebsd1 redhat5 oraclelinux3 ubuntu2 centos5 suse2