Lucene search

[email protected]CVE-2007-1878

HistoryApr 06, 2007 - 12:19 a.m.

CVE-2007-1878

2007-04-0600:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-1878

cross-zone scripting

dom templates

firebug extension

mozilla firefox

zone restrictions

7.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.073 Low

EPSS

Percentile

94.0%

JSON

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function, related to lack of HTML escaping in the property name.

CPENameOperatorVersion
parakey_inc.:firebugparakey inc. firebugeq1.01
parakey_inc.:firebugparakey inc. firebugeq1.02

CPE	Name	Operator	Version
parakey_inc.:firebug	parakey inc. firebug	eq	1.01
parakey_inc.:firebug	parakey inc. firebug	eq	1.02

References

larholm.com/2007/04/06/0day-vulnerability-in-firebug/

secunia.com/advisories/24743

securityreason.com/securityalert/2525

www.getfirebug.com/blog/2007/04/04/security-update/

www.gnucitizen.org/blog/firebug-goes-evil

www.securityfocus.com/archive/1/464740/100/0/threaded

www.securityfocus.com/archive/1/464786/100/0/threaded

www.securityfocus.com/bid/23315

www.vupen.com/english/advisories/2007/1272

exchange.xforce.ibmcloud.com/vulnerabilities/33451

7.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.073 Low

EPSS

Percentile

94.0%

JSON

Related for CVE-2007-1878

prion2 securityvulns1 cve1