CVE-2007-5415 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting4 documents2 sources

Severity

4.3MEDIUMNVD

NVD2.6

EPSS

0.2%

top 52.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedOct 12

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5414.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox1.8+1

🔴Vulnerability Details

GHSA

GHSA-fpw8-4262-vxvh: Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2↗2022-05-01

▶

GHSA

GHSA-prc6-qwc4-rr5x: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2↗2022-05-01

▶