CVE-2007-0994

Description

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9749

http://www.vupen.com/english/advisories/2007/0823

http://www.securityfocus.com/bid/22826

http://www.redhat.com/support/errata/RHSA-2007-0097.html

http://www.redhat.com/support/errata/RHSA-2007-0078.html

http://www.mozilla.org/security/announce/2007/mfsa2007-09.html

http://www.debian.org/security/2007/dsa-1336

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

http://securitytracker.com/id?1017726

http://secunia.com/advisories/25588

http://secunia.com/advisories/24650

http://secunia.com/advisories/24457

http://secunia.com/advisories/24455

http://secunia.com/advisories/24395

http://secunia.com/advisories/24384

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3