CVE-2007-0994 — Vulnetix

Try Vulnetix Request Demo

CVE-2007-0994 PUBLISHED CVSS 6.800000190734863 MEDIUM

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

EPSS 2.60% · 85.5th percentile

Risk Scores

CVSS v2.0

6.800000190734863

EPSS Score

2.60%

85.5th percentile

Affected Products

Vendor	Product	Versions
debian	debian_linux	3.1
mozilla	firefox	1.5, 2.0
n/a	n/a	n/a
mozilla	seamonkey	1.0, 1.1

Timeline

Mar 6, 2007 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score
Oct 22, 2023 EPSS Score

References

RHSA-2007:0078 vendor-advisory
oval:org.mitre.oval:def:9749 vdb
24395 third-party-advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733 url
SSA:2007-066-03 vendor-advisory
24384 third-party-advisory
24457 third-party-advisory
DSA-1336 vendor-advisory
HPSBUX02153 vendor-advisory
24650 third-party-advisory
http://www.mozilla.org/security/announce/2007/mfsa2007-09.html url
25588 third-party-advisory
https://issues.rpath.com/browse/RPL-1103 url
1017726 vdb
SUSE-SA:2007:019 vendor-advisory
SUSE-SA:2007:022 vendor-advisory
ADV-2007-0823 vdb
RHSA-2007:0097 vendor-advisory
20070301-01-P vendor-advisory
24455 third-party-advisory

…and 4 more

Open in Interactive Console →