CVE-2007-0996

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-0996

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

T

he child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

References
Link Resource
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://osvdb.org/33812
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://secunia.com/advisories/24205
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24320
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24342
http://secunia.com/advisories/24343
http://secunia.com/advisories/24384
http://secunia.com/advisories/24395
http://secunia.com/advisories/24455
http://secunia.com/advisories/24457
http://secunia.com/advisories/24650
http://secunia.com/advisories/25588
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://www.debian.org/security/2007/dsa-1336
http://www.hardened-php.net/advisory_032007.142.html Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html Patch Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://www.securityfocus.com/archive/1/461076/100/0/threaded
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/bid/22694
http://www.securitytracker.com/id?1017702
http://www.ubuntu.com/usn/usn-428-1
http://www.vupen.com/english/advisories/2007/0718
https://issues.rpath.com/browse/RPL-1103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://osvdb.org/33812
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://secunia.com/advisories/24205
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24320
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24342
http://secunia.com/advisories/24343
http://secunia.com/advisories/24384
http://secunia.com/advisories/24395
http://secunia.com/advisories/24455
http://secunia.com/advisories/24457
http://secunia.com/advisories/24650
http://secunia.com/advisories/25588
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://www.debian.org/security/2007/dsa-1336
http://www.hardened-php.net/advisory_032007.142.html Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html Patch Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://www.securityfocus.com/archive/1/461076/100/0/threaded
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/bid/22694
http://www.securitytracker.com/id?1017702
http://www.ubuntu.com/usn/usn-428-1
http://www.vupen.com/english/advisories/2007/0718
https://issues.rpath.com/browse/RPL-1103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
History

21 Nov 2024, 00:27

Type Values Removed Values Added
References () ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc - () ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc -
References () ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc - () ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc -
References () http://fedoranews.org/cms/node/2713 - () http://fedoranews.org/cms/node/2713 -
References () http://fedoranews.org/cms/node/2728 - () http://fedoranews.org/cms/node/2728 -
References () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 - () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 -
References () http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html - () http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html -
References () http://osvdb.org/33812 - () http://osvdb.org/33812 -
References () http://rhn.redhat.com/errata/RHSA-2007-0077.html - () http://rhn.redhat.com/errata/RHSA-2007-0077.html -
References () http://secunia.com/advisories/24205 - () http://secunia.com/advisories/24205 -
References () http://secunia.com/advisories/24287 - () http://secunia.com/advisories/24287 -
References () http://secunia.com/advisories/24290 - () http://secunia.com/advisories/24290 -
References () http://secunia.com/advisories/24320 - () http://secunia.com/advisories/24320 -
References () http://secunia.com/advisories/24328 - () http://secunia.com/advisories/24328 -
References () http://secunia.com/advisories/24333 - () http://secunia.com/advisories/24333 -
References () http://secunia.com/advisories/24342 - () http://secunia.com/advisories/24342 -
References () http://secunia.com/advisories/24343 - () http://secunia.com/advisories/24343 -
References () http://secunia.com/advisories/24384 - () http://secunia.com/advisories/24384 -
References () http://secunia.com/advisories/24395 - () http://secunia.com/advisories/24395 -
References () http://secunia.com/advisories/24455 - () http://secunia.com/advisories/24455 -
References () http://secunia.com/advisories/24457 - () http://secunia.com/advisories/24457 -
References () http://secunia.com/advisories/24650 - () http://secunia.com/advisories/24650 -
References () http://secunia.com/advisories/25588 - () http://secunia.com/advisories/25588 -
References () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 - () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 -
References () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 - () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 -
References () http://www.debian.org/security/2007/dsa-1336 - () http://www.debian.org/security/2007/dsa-1336 -
References () http://www.hardened-php.net/advisory_032007.142.html - Vendor Advisory () http://www.hardened-php.net/advisory_032007.142.html - Vendor Advisory
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 -
References () http://www.mozilla.org/security/announce/2007/mfsa2007-02.html - Patch, Vendor Advisory () http://www.mozilla.org/security/announce/2007/mfsa2007-02.html - Patch, Vendor Advisory
References () http://www.novell.com/linux/security/advisories/2007_22_mozilla.html - () http://www.novell.com/linux/security/advisories/2007_22_mozilla.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0078.html - () http://www.redhat.com/support/errata/RHSA-2007-0078.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0079.html - () http://www.redhat.com/support/errata/RHSA-2007-0079.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0097.html - () http://www.redhat.com/support/errata/RHSA-2007-0097.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0108.html - () http://www.redhat.com/support/errata/RHSA-2007-0108.html -
References () http://www.securityfocus.com/archive/1/461076/100/0/threaded - () http://www.securityfocus.com/archive/1/461076/100/0/threaded -
References () http://www.securityfocus.com/archive/1/461336/100/0/threaded - () http://www.securityfocus.com/archive/1/461336/100/0/threaded -
References () http://www.securityfocus.com/bid/22694 - () http://www.securityfocus.com/bid/22694 -
References () http://www.securitytracker.com/id?1017702 - () http://www.securitytracker.com/id?1017702 -
References () http://www.ubuntu.com/usn/usn-428-1 - () http://www.ubuntu.com/usn/usn-428-1 -
References () http://www.vupen.com/english/advisories/2007/0718 - () http://www.vupen.com/english/advisories/2007/0718 -
References () https://issues.rpath.com/browse/RPL-1103 - () https://issues.rpath.com/browse/RPL-1103 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086 -
Information

Published : 2007-02-27 02:28

Updated : 2025-04-09 00:30

NVD link : CVE-2007-0996

Mitre link : CVE-2007-0996

CVE.ORG link : CVE-2007-0996

JSON object : View

Products Affected

mozilla

CWE
NVD-CWE-Other