CVE-2007-0996 — Cross-site Scripting in Mozilla Firefox

11 documents5 sources

Severity

5.8MEDIUMNVD

EPSS

2.6%

top 14.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedFeb 27

Latest updateMay 3

Description

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶NVDmozilla/firefox12 versions+11

▶NVDmozilla/seamonkey8 versions+7

Patches

Patch: www.mozilla.org ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-8j8g-w6r8-wr7h: The child frames in Mozilla Firefox before 1↗2022-05-03

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2007-03-02

▶

Ubuntu

Firefox vulnerabilities↗2007-03-01

▶

Red Hat

security flaw↗2007-02-23

▶

💬Community

Bugzilla

CVE-2007-0996 security flaw↗2018-08-16

▶

Bugzilla

CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007↗2007-03-01

▶

Bugzilla

▶

Bugzilla

CVE-2007-0775 Multiple Firefox flaws (CVE-2007-0777, CVE-2007-0994, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-000↗2007-02-26

▶

Bugzilla

CVE-2007-0775 Multiple Seamonkey flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0↗2007-02-23

▶