CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence: Low
EPSS
Percentile: 96.5%
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignore trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
fedoranews.org/cms/node/2713
fedoranews.org/cms/node/2728
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2
lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
osvdb.org/32112
rhn.redhat.com/errata/RHSA-2007-0077.html
secunia.com/advisories/24205
secunia.com/advisories/24238
secunia.com/advisories/24287
secunia.com/advisories/24290
secunia.com/advisories/24293
secunia.com/advisories/24320
secunia.com/advisories/24328
secunia.com/advisories/24333
secunia.com/advisories/24342
secunia.com/advisories/24343
secunia.com/advisories/24384
secunia.com/advisories/24393
secunia.com/advisories/24395
secunia.com/advisories/24437
secunia.com/advisories/24455
secunia.com/advisories/24457
secunia.com/advisories/24650
secunia.com/advisories/25588
security.gentoo.org/glsa/glsa-200703-04.xml
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
www.debian.org/security/2007/dsa-1336
www.gentoo.org/security/en/glsa/glsa-200703-08.xml
www.mandriva.com/security/advisories?name=MDKSA-2007:050
www.mozilla.org/security/announce/2007/mfsa2007-02.html
www.novell.com/linux/security/advisories/2007_22_mozilla.html
www.osvdb.org/32111
www.redhat.com/support/errata/RHSA-2007-0078.html
www.redhat.com/support/errata/RHSA-2007-0079.html
www.redhat.com/support/errata/RHSA-2007-0097.html
www.redhat.com/support/errata/RHSA-2007-0108.html
www.securityfocus.com/archive/1/461336/100/0/threaded
www.securityfocus.com/archive/1/461809/100/0/threaded
www.securityfocus.com/bid/22694
www.securitytracker.com/id?1017702
www.ubuntu.com/usn/usn-428-1
www.vupen.com/english/advisories/2007/0718
www.vupen.com/english/advisories/2008/0083
issues.rpath.com/browse/RPL-1081
issues.rpath.com/browse/RPL-1103
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164