CVE-2007-0995

Mozilla Firefox <1.5.0.10 & 2.x <2.0.0.2 - XSS

Title source: llm

Description

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

References (50)

[Mailing List] http://fedoranews.org/cms/node/2713

[Mailing List] http://fedoranews.org/cms/node/2728

[Vendor Advisory] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

[Various Sources] http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2

[Various Sources] http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

[Third Party Advisory, VDB Entry] http://osvdb.org/32112

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2007-0077.html

[Third Party Advisory] http://secunia.com/advisories/24205

[Vendor Advisory] http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

[Vendor Advisory] http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

[Patch, Vendor Advisory] http://www.mozilla.org/security/announce/2007/mfsa2007-02.html

[Third Party Advisory, VDB Entry] http://www.osvdb.org/32111

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2007-0078.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2007-0079.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2007-0097.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2007-0108.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/461336/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/461809/100/0/threaded

... and 30 more

Scores

EPSS 0.0210

EPSS Percentile 83.9%

Classification

CWE

CWE-79

Status draft

Affected Products (4)

mozilla/firefox

mozilla/seamonkey < 1.0.7

Timeline

Published Feb 26, 2007

Tracked Since Feb 18, 2026