Lucene search

[email protected]CVE-2007-0996

HistoryFeb 27, 2007 - 2:28 a.m.

CVE-2007-0996

2007-02-2702:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0996

mozilla firefox

seamonkey

xss

utf-7

cross-site scripting

nvd

5.4 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.115 Low

EPSS

Percentile

95.2%

JSON

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

CPENameOperatorVersion
mozilla:seamonkeymozilla seamonkeyeq1.0.3
mozilla:firefoxmozilla firefoxeq1.5
mozilla:seamonkeymozilla seamonkeyeq1.0.1
mozilla:seamonkeymozilla seamonkeyeq1.0.6
mozilla:firefoxmozilla firefoxeq1.5.0.6
mozilla:firefoxmozilla firefoxeq1.5.0.3
mozilla:seamonkeymozilla seamonkeyeq1.0
mozilla:seamonkeymozilla seamonkeyeq1.0.7
mozilla:seamonkeymozilla seamonkeyeq1.0.2
mozilla:firefoxmozilla firefoxeq1.5.0.7

CPE	Name	Operator	Version
mozilla:seamonkey	mozilla seamonkey	eq	1.0.3
mozilla:firefox	mozilla firefox	eq	1.5
mozilla:seamonkey	mozilla seamonkey	eq	1.0.1
mozilla:seamonkey	mozilla seamonkey	eq	1.0.6
mozilla:firefox	mozilla firefox	eq	1.5.0.6
mozilla:firefox	mozilla firefox	eq	1.5.0.3
mozilla:seamonkey	mozilla seamonkey	eq	1.0
mozilla:seamonkey	mozilla seamonkey	eq	1.0.7
mozilla:seamonkey	mozilla seamonkey	eq	1.0.2
mozilla:firefox	mozilla firefox	eq	1.5.0.7

Rows per page:

1-10 of 201

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

fedoranews.org/cms/node/2713

fedoranews.org/cms/node/2728

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

osvdb.org/33812

rhn.redhat.com/errata/RHSA-2007-0077.html

secunia.com/advisories/24205

secunia.com/advisories/24287

secunia.com/advisories/24290

secunia.com/advisories/24320

secunia.com/advisories/24328

secunia.com/advisories/24333

secunia.com/advisories/24342

secunia.com/advisories/24343

secunia.com/advisories/24384

secunia.com/advisories/24395

secunia.com/advisories/24455

secunia.com/advisories/24457

secunia.com/advisories/24650

secunia.com/advisories/25588

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

www.debian.org/security/2007/dsa-1336

www.hardened-php.net/advisory_032007.142.html

www.mandriva.com/security/advisories?name=MDKSA-2007:050

www.mozilla.org/security/announce/2007/mfsa2007-02.html

www.novell.com/linux/security/advisories/2007_22_mozilla.html

www.redhat.com/support/errata/RHSA-2007-0078.html

www.redhat.com/support/errata/RHSA-2007-0079.html

www.redhat.com/support/errata/RHSA-2007-0097.html

www.redhat.com/support/errata/RHSA-2007-0108.html

www.securityfocus.com/archive/1/461076/100/0/threaded

www.securityfocus.com/archive/1/461336/100/0/threaded

www.securityfocus.com/bid/22694

www.securitytracker.com/id?1017702

www.ubuntu.com/usn/usn-428-1

www.vupen.com/english/advisories/2007/0718

issues.rpath.com/browse/RPL-1103

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086

5.4 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.115 Low

EPSS

Percentile

95.2%

JSON

Related for CVE-2007-0996

veracode1 prion1 ubuntucve1 securityvulns2 mozilla1 osv1 openvas14 nessus27 debian1 redhat5 oraclelinux3 centos5 ubuntu2 suse2