CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
91.1%
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
secunia.com/advisories/24384
secunia.com/advisories/24395
secunia.com/advisories/24455
secunia.com/advisories/24457
secunia.com/advisories/24650
secunia.com/advisories/25588
securitytracker.com/id?1017726
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
www.debian.org/security/2007/dsa-1336
www.mozilla.org/security/announce/2007/mfsa2007-09.html
www.novell.com/linux/security/advisories/2007_22_mozilla.html
www.redhat.com/support/errata/RHSA-2007-0078.html
www.redhat.com/support/errata/RHSA-2007-0097.html
www.securityfocus.com/bid/22826
www.vupen.com/english/advisories/2007/0823
issues.rpath.com/browse/RPL-1103
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9749