Lucene search

MitreCVE-2007-2060

HistoryApr 18, 2007 - 3:19 a.m.

CVE-2007-2060

2007-04-1803:19:00

mitre

web.nvd.nist.gov

cve-2007-2060

cross-zone scripting

wizz rss reader

mozilla firefox

remote code execution

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

High

EPSS

0.038

Percentile

91.9%

JSON

Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.

Affected configurations

Nvd

Node

wizz_computerswizz_rss_readerRange≤2.1.8

VendorProductVersionCPE
wizz_computerswizz_rss_reader*cpe:2.3:a:wizz_computers:wizz_rss_reader:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wizz_computers	wizz_rss_reader	*	cpe:2.3:a:wizz_computers:wizz_rss_reader::::::::

References

osvdb.org/34534

secunia.com/advisories/24913

wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/

www.kb.cert.org/vuls/id/319464

www.kb.cert.org/vuls/id/MIMG-6ZKP4T

www.securityfocus.com/bid/23523

www.vupen.com/english/advisories/2007/1425

addons.mozilla.org/en-US/firefox/addon/424

exchange.xforce.ibmcloud.com/vulnerabilities/33693

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

High

EPSS

0.038

Percentile

91.9%

JSON

Related for CVE-2007-2060