Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-0994

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

Published

2007-03-06T00:19:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	< 1.5.0.10	Yes
Application	mozilla	firefox	< 2.0.0.2	Yes
Application	mozilla	seamonkey	< 1.0.8	Yes
Application	mozilla	seamonkey	< 1.1.1	Yes
Operating System	debian	debian_linux	3.1	Yes

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc Broken Link ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc Broken Link ([email protected])
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733 Exploit, Issue Tracking, Patch, Third Party Advisory ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link ([email protected])
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html Broken Link ([email protected])
http://secunia.com/advisories/24384 Third Party Advisory ([email protected])
http://secunia.com/advisories/24395 Third Party Advisory ([email protected])
http://secunia.com/advisories/24455 Third Party Advisory ([email protected])
http://secunia.com/advisories/24457 Third Party Advisory ([email protected])
http://secunia.com/advisories/24650 Third Party Advisory ([email protected])
http://secunia.com/advisories/25588 Third Party Advisory ([email protected])
http://securitytracker.com/id?1017726 Third Party Advisory, VDB Entry ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 Mailing List, Third Party Advisory ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 Mailing List, Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1336 Third Party Advisory ([email protected])
http://www.mozilla.org/security/announce/2007/mfsa2007-09.html Vendor Advisory ([email protected])
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0078.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0097.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/22826 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2007/0823 Third Party Advisory ([email protected])
https://issues.rpath.com/browse/RPL-1103 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9749 Third Party Advisory ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc Broken Link (af854a3a-2127-422b-91ae-364da2661108)
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733 Exploit, Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24384 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24395 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24455 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24457 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24650 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25588 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1017726 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1336 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2007/mfsa2007-09.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0078.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0097.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/22826 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/0823 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1103 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9749 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)