Back to search
CVE-2007-0994
Published: Mar 6, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2007:0078
vendor-advisory
x_refsource_REDHAT
oval:org.mitre.oval:def:9749
vdb-entry
signature
x_refsource_OVAL
24395
third-party-advisory
x_refsource_SECUNIA
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733
x_refsource_CONFIRM
SSA:2007-066-03
vendor-advisory
x_refsource_SLACKWARE
24384
third-party-advisory
x_refsource_SECUNIA
24457
third-party-advisory
x_refsource_SECUNIA
DSA-1336
vendor-advisory
x_refsource_DEBIAN
HPSBUX02153
vendor-advisory
x_refsource_HP
24650
third-party-advisory
x_refsource_SECUNIA
http://www.mozilla.org/security/announce/2007/mfsa2007-09.html
x_refsource_CONFIRM
25588
third-party-advisory
x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1103
x_refsource_CONFIRM
1017726
vdb-entry
x_refsource_SECTRACK
SUSE-SA:2007:019
vendor-advisory
x_refsource_SUSE
SUSE-SA:2007:022
vendor-advisory
x_refsource_SUSE
ADV-2007-0823
vdb-entry
x_refsource_VUPEN
SSRT061181
vendor-advisory
x_refsource_HP
RHSA-2007:0097
vendor-advisory
x_refsource_REDHAT
24455
third-party-advisory
x_refsource_SECUNIA
SSA:2007-066-05
vendor-advisory
x_refsource_SLACKWARE
22826
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now