Home > Vulnerability Database > CVE-2007-0995

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-0995

Date: February 26, 2007

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

Severity Score

3.7

Related Resources (54)

Url: http://secunia.com/advisories/24290

Url: http://www.securityfocus.com/archive/1/461809/100/0/threaded

Url: http://secunia.com/advisories/24293

Url: https://issues.rpath.com/browse/RPL-1081

Url: http://secunia.com/advisories/24328

Url: http://secunia.com/advisories/24205

Url: http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

Url: http://secunia.com/advisories/24320

Url: http://secunia.com/advisories/24287

Url: http://www.ubuntu.com/usn/usn-428-1

Url: http://security.gentoo.org/glsa/glsa-200703-04.xml

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Url: http://www.securityfocus.com/archive/1/461336/100/0/threaded

Url: ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

Url: http://www.debian.org/security/2007/dsa-1336

Url: http://www.securitytracker.com/id?1017702

Url: http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

Url: http://www.redhat.com/support/errata/RHSA-2007-0078.html

Url: http://secunia.com/advisories/24457

Url: http://www.osvdb.org/32111

Url: http://www.vupen.com/english/advisories/2007/0718

Url: http://secunia.com/advisories/24650

Url: http://www.redhat.com/support/errata/RHSA-2007-0097.html

Url: http://osvdb.org/32112

Url: http://secunia.com/advisories/25588

Url: http://secunia.com/advisories/24455

Url: http://secunia.com/advisories/24333

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164

Url: http://secunia.com/advisories/24393

Url: http://www.securityfocus.com/bid/22694

Url: http://fedoranews.org/cms/node/2728

Url: https://issues.rpath.com/browse/RPL-1103

Url: http://www.mozilla.org/security/announce/2007/mfsa2007-02.html

Url: ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

Url: http://www.vupen.com/english/advisories/2008/0083

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

Url: http://secunia.com/advisories/24342

Url: http://www.redhat.com/support/errata/RHSA-2007-0079.html

Url: http://secunia.com/advisories/24384

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

Url: http://secunia.com/advisories/24343

Url: https://access.redhat.com/security/cve/CVE-2007-0995

Url: http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2

Url: http://fedoranews.org/cms/node/2713

Url: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-0995

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-0995

Url: http://secunia.com/advisories/24437

Url: http://secunia.com/advisories/24238

Url: http://rhn.redhat.com/errata/RHSA-2007-0077.html

Url: http://www.redhat.com/support/errata/RHSA-2007-0108.html

Url: http://secunia.com/advisories/24395

Url: https://www.mend.io/vulnerability-database/CVE-2007-0995

Severity Score

3.7

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us