CVE-2007-2870Cross-site Scripting in Mozilla Firefox

13 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
8.3%
top 7.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Seamonkey
Timeline
PublishedJun 1
Latest updateMay 1

Description

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDmozilla/firefox16 versions+15
NVDmozilla/seamonkey1.0.9, 1.1.2+1

🔴Vulnerability Details

1
GHSA
GHSA-462h-7vhv-4jpp: Mozilla Firefox 12022-05-01

📋Vendor Advisories

6
Ubuntu
Firefox vulnerabilities2007-06-01
Red Hat
security flaw2007-05-31
Red Hat
Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)2007-05-31
Red Hat
Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)2007-05-31
Red Hat
Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)2007-05-31

💬Community

5
Bugzilla
CVE-2007-2870 security flaw2018-08-16
Bugzilla
CVE-2007-1362 Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)2007-05-31
Bugzilla
CVE-2007-1362 Miltiple Seamonkey flaws (CVE-2007-1562, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)2007-05-31
Bugzilla
CVE-2007-1362 Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)2007-05-29
Bugzilla
CVE-2007-1362 Miltiple Seamonkey flaws (CVE-2007-1562, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)2007-05-29