CVE-2007-1092 — Vulnetix

Try Vulnetix Request Demo

CVE-2007-1092 PUBLISHED CVSS 9.300000190734863 CRITICAL

Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.

EPSS 21.38% · 95.6th percentile

Risk Scores

CVSS v2.0

9.300000190734863

EPSS Score

21.38%

95.6th percentile

Affected Products

Vendor	Product	Versions
mozilla	firefox	1.5.0.9, 2.0.0.1
mozilla	seamonkey	0
n/a	n/a	n/a

Timeline

Feb 26, 2007 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 3, 2022 CVE Updated
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 31, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

http://secunia.com/advisories/24384 technical
RHSA-2007:0078 vendor-advisory
1017701 vdb
24395 third-party-advisory
24457 third-party-advisory
24343 third-party-advisory
HPSBUX02153 vendor-advisory
22679 vdb
ie-mozilla-onunload-dos(32647) vdb
20070222 Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) mailing-list
VU#393921 third-party-advisory
24650 third-party-advisory
USN-428-1 vendor-advisory
2302 third-party-advisory
https://issues.rpath.com/browse/RPL-1103 url
SUSE-SA:2007:019 vendor-advisory
SUSE-SA:2007:022 vendor-advisory
mozilla-onunload-code-execution(32648) vdb
32103 vdb
20070223 Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) mailing-list

…and 9 more

Open in Interactive Console →