CVE-2007-0995Cross-site Scripting in Mozilla Seamonkey

CWE-79Cross-site Scripting11 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
2.2%
top 15.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla SeamonkeyMozilla Firefox
Timeline
PublishedFeb 26
Latest updateMay 3

Description

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDmozilla/firefox1.5.0.10, 2.0, 2.0.0.1+2

Patches

Patch: www.mozilla.orgPatch: www.mozilla.org

🔴Vulnerability Details

1
GHSA
GHSA-8j2j-5pq8-mr48: Mozilla Firefox before 12022-05-03

📋Vendor Advisories

3
Ubuntu
Firefox regression2007-03-02
Ubuntu
Firefox vulnerabilities2007-03-01
Red Hat
security flaw2007-02-23

💬Community

6
Bugzilla
CVE-2007-0995 security flaw2018-08-16
Bugzilla
CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-20072007-03-01
Bugzilla
CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-20072007-03-01
Bugzilla
CVE-2007-0775 Multiple Firefox flaws (CVE-2007-0777, CVE-2007-0994, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0002007-02-26
Bugzilla
CVE-2007-0775 Multiple Seamonkey flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-02007-02-23