CVE-2007-0994

Mozilla Firefox <2.0.0.2 & SeaMonkey <1.1.1 - XSS

Description

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

References (23)

Core References
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0078.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24395
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733
Mailing List, Third Party Advisory vendor-advisory x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24384
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24457
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1336
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24650
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25588
Broken Link x_refsource_confirm
https://issues.rpath.com/browse/RPL-1103
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017726
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0823
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0097.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24455
Mailing List, Third Party Advisory vendor-advisory x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22826

Scores

EPSS 0.0321
EPSS Percentile 86.6%

Details

CWE CWE-94
Status published
Products (3)
debian/debian_linux 3.1
mozilla/firefox 1.5 - 1.5.0.10
mozilla/seamonkey 1.0 - 1.0.8
Published Mar 06, 2007
Tracked Since Feb 18, 2026