CVE-2007-2060

2007-04-1802:20:00

mitre

www.cve.org

AI Score

6.9

Confidence

High

EPSS

0.038

Percentile

91.9%

JSON

Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.

References

osvdb.org/34534

secunia.com/advisories/24913

wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/

www.kb.cert.org/vuls/id/319464

www.kb.cert.org/vuls/id/MIMG-6ZKP4T

www.securityfocus.com/bid/23523

www.vupen.com/english/advisories/2007/1425

addons.mozilla.org/en-US/firefox/addon/424

exchange.xforce.ibmcloud.com/vulnerabilities/33693