Home > Vulnerability Database > CVE-2007-0994

Mend.io Vulnerability Database

CVE-2007-0994

Date: March 5, 2007

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

Severity Score

5.6

Related Resources (26)

Url: http://securitytracker.com/id?1017726

Url: https://issues.rpath.com/browse/RPL-1103

Url: ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

Url: http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

Url: http://www.vupen.com/english/advisories/2007/0823

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

Url: http://secunia.com/advisories/24384

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Url: https://access.redhat.com/security/cve/CVE-2007-0994

Url: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

Url: ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

Url: http://www.securityfocus.com/bid/22826

Url: http://www.debian.org/security/2007/dsa-1336

Url: http://www.redhat.com/support/errata/RHSA-2007-0078.html

Url: http://secunia.com/advisories/24457

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-0994

Url: http://secunia.com/advisories/24650

Url: http://www.redhat.com/support/errata/RHSA-2007-0097.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9749

Url: http://secunia.com/advisories/24395

Url: http://secunia.com/advisories/25588

Url: http://secunia.com/advisories/24455

Url: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733

Url: http://www.mozilla.org/security/announce/2007/mfsa2007-09.html

Url: https://www.mend.io/vulnerability-database/CVE-2007-0994

Severity Score

5.6

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-0994

Date: March 5, 2007

Severity Score

Related Resources (26)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?