CVE-2007-0994 — Vulnetix

CVE-2007-0994 PUBLISHED CVSS 6.800000190734863 MEDIUM

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

EPSS 3.17% · 87.2th percentile

Risk Scores

CVSS 2.0

6.800000190734863

EPSS Score

3.17%

87.2th percentile

Affected Products

Vendor	Product	Versions
debian	debian_linux	3.1
mozilla	firefox	1.5, 2.0
n/a	n/a	n/a
mozilla	seamonkey	1.0, 1.1

Exploit Intelligence

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733 (vulncheck-nvd)
RHSA-2007:0078 (circl)
oval:org.mitre.oval:def:9749 (circl)
24395 (circl)
SSA:2007-066-03 (circl)
24384 (circl)
24457 (circl)
DSA-1336 (circl)
HPSBUX02153 (circl)
24650 (circl)

…and 13 more exploits

Timeline

Mar 6, 2007 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 17, 2023 EPSS Score
Sep 8, 2023 EPSS Score
Nov 30, 2023 EPSS Score

References

RHSA-2007:0078 vendor-advisory
oval:org.mitre.oval:def:9749 vdb
24395 third-party-advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733 url
SSA:2007-066-03 vendor-advisory
24384 third-party-advisory
24457 third-party-advisory
DSA-1336 vendor-advisory
HPSBUX02153 vendor-advisory
24650 third-party-advisory
http://www.mozilla.org/security/announce/2007/mfsa2007-09.html url
25588 third-party-advisory
https://issues.rpath.com/browse/RPL-1103 url
1017726 vdb
SUSE-SA:2007:019 vendor-advisory
SUSE-SA:2007:022 vendor-advisory
ADV-2007-0823 vdb
RHSA-2007:0097 vendor-advisory
20070301-01-P vendor-advisory
24455 third-party-advisory

…and 4 more

Open in Interactive Console →