VDB
CVE-2007-1092
CVE-2007-1092
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.
EPSS 21.38% · 95.8th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
21.38%
95.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mozilla | firefox | 1.5.0.9, 2.0.0.1 |
| mozilla | seamonkey | 0 |
| n/a | n/a | n/a |
Exploit Intelligence
- https://issues.rpath.com/browse/RPL-1103 (circl)
- 24333 (circl)
- 1017701 (circl)
- 24395 (circl)
- https://bugzilla.mozilla.org/show_bug.cgi?id=371321 (circl)
- 24457 (circl)
- 24343 (circl)
- HPSBUX02153 (circl)
- ie-mozilla-onunload-dos(32647) (circl)
- 20070222 Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) (circl)
…and 18 more exploits
Timeline
- Feb 26, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 3, 2022 CVE Updated
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- http://secunia.com/advisories/24384 technical
- RHSA-2007:0078 vendor-advisory
- 1017701 vdb
- 24395 third-party-advisory
- 24457 third-party-advisory
- 24343 third-party-advisory
- HPSBUX02153 vendor-advisory
- 22679 vdb
- ie-mozilla-onunload-dos(32647) vdb
- 20070222 Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) mailing-list
- VU#393921 third-party-advisory
- 24650 third-party-advisory
- USN-428-1 vendor-advisory
- 2302 third-party-advisory
- https://issues.rpath.com/browse/RPL-1103 url
- SUSE-SA:2007:019 vendor-advisory
- SUSE-SA:2007:022 vendor-advisory
- mozilla-onunload-code-execution(32648) vdb
- 32103 vdb
- 20070223 Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) mailing-list
…and 9 more