CVE-2007-3736Cross-site Scripting in Mozilla Seamonkey

CWE-79Cross-site Scripting9 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
2.0%
top 16.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla SeamonkeyMozilla ThunderbirdMozilla Firefox
Timeline
PublishedJul 18
Latest updateMay 3

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDmozilla/firefox24 versions+23
NVDmozilla/seamonkey2.0.2+22
NVDmozilla/thunderbird3.0.1+31

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-wchf-965x-6qj3: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 22022-05-03
GHSA
GHSA-vv9f-p8wq-vp27: Mozilla Firefox 32022-05-02

📋Vendor Advisories

3
Red Hat
firefox/thunderbird/seamonkey: XSS using addEventListener and setTimeout on a wrapped object (MFSA 2010-12)2010-03-23
Ubuntu
Firefox vulnerabilities2007-07-20
Red Hat
security flaw2007-07-18

💬Community

2
Bugzilla
CVE-2007-3736 security flaw2018-08-16
Bugzilla
CVE-2007-3089 various flaws in mozilla products (CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3656 CVE-2007-3738)2007-07-17