Vulnerability Name:

CVE-2007-0994 (CCN-32818)

Assigned:2007-03-05
Published:2007-03-05
Updated:2019-10-09
Summary:A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-94
Vulnerability Consequences:Gain Access
References:Source: SGI
Type: Broken Link
20070202-01-P

Source: SGI
Type: Broken Link
20070301-01-P

Source: CONFIRM
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733

Source: MITRE
Type: CNA
CVE-2007-0994

Source: HP
Type: Broken Link
SSRT061181

Source: SUSE
Type: Broken Link
SUSE-SA:2007:019

Source: CCN
Type: RHSA-2007-0077
Critical: seamonkey security update

Source: CCN
Type: RHSA-2007-0079
Critical: Firefox security update

Source: CCN
Type: RHSA-2007-0097
Critical: firefox security update

Source: SECUNIA
Type: Third Party Advisory
24384

Source: SECUNIA
Type: Third Party Advisory
24395

Source: SECUNIA
Type: Third Party Advisory
24455

Source: SECUNIA
Type: Third Party Advisory
24457

Source: SECUNIA
Type: Third Party Advisory
24650

Source: SECUNIA
Type: Third Party Advisory
25588

Source: CCN
Type: SECTRACK ID: 1017726
Mozilla Firefox JavaScript URI in IMG SRC Attribute Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1017726

Source: SLACKWARE
Type: Mailing List, Third Party Advisory
SSA:2007-066-05

Source: SLACKWARE
Type: Mailing List, Third Party Advisory
SSA:2007-066-03

Source: CCN
Type: ASA-2007-095
thunderbird security update (RHSA-2007-0078)

Source: DEBIAN
Type: Third Party Advisory
DSA-1336

Source: DEBIAN
Type: DSA-1336
mozilla-firefox -- several vulnerabilities

Source: CCN
Type: Mozilla Web site
Thunderbird 1.5

Source: CCN
Type: Mozilla.org
The SeaMonkey Project

Source: CCN
Type: MFSA 2007-09
Privilege escalation by setting img.src to javascript URI

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2007/mfsa2007-09.html

Source: SUSE
Type: Broken Link
SUSE-SA:2007:022

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0078

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0097

Source: BID
Type: Third Party Advisory, VDB Entry
22826

Source: CCN
Type: BID-22826
Mozilla Firefox Javascript URI Remote Code Execution Vulnerability

Source: VUPEN
Type: Third Party Advisory
ADV-2007-0823

Source: XF
Type: UNKNOWN
mozilla-javascripturi-code-execution(32818)

Source: CONFIRM
Type: Broken Link
https://issues.rpath.com/browse/RPL-1103

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:9749

Source: SUSE
Type: SUSE-SA:2007:019
MozillaFirefox security update 1.5.0.10/2.0.0.2

Source: SUSE
Type: SUSE-SA:2007:022
Mozilla security problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 1.5 and < 1.5.0.10)
  • OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 2.0 and < 2.0.0.2)
  • OR cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version >= 1.0 and < 1.0.8)
  • OR cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version >= 1.1 and < 1.1.1)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::dev:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1::beta:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:*
  • AND
  • cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_school_server:-:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:21788
    P
    		ELSA-2007:0097: firefox security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:9749
    V
    		A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.
    2013-04-29
    oval:com.redhat.rhsa:def:20070077
    P
    		RHSA-2007:0077: seamonkey security update (Critical)
    2008-03-20
    oval:com.redhat.rhsa:def:20070097
    P
    		RHSA-2007:0097: firefox security update (Critical)
    2008-03-20
    oval:org.debian:def:1336
    V
    		several vulnerabilities
    2007-07-22
    oval:com.redhat.rhsa:def:20070079
    P
    		RHSA-2007:0079: Firefox security update (Critical)
    2007-02-23
    BACK
    mozilla firefox *
    mozilla firefox *
    mozilla seamonkey *
    mozilla seamonkey *
    debian debian linux 3.1
    mozilla firefox 1.5 beta1
    mozilla firefox 2.0
    mozilla seamonkey 1.0
    mozilla firefox 1.5
    mozilla firefox 1.5.0.2
    mozilla firefox 1.5.0.3
    mozilla firefox 1.5.0.4
    mozilla firefox 1.5.0.6
    mozilla firefox 1.5.0.7
    mozilla seamonkey 1.0.5
    mozilla seamonkey 1.0.7
    mozilla seamonkey 1.0.2
    mozilla firefox 1.5.0.9
    mozilla firefox 2.0.0.1
    mozilla firefox 2.0.0.2
    mozilla firefox 2.0 beta1
    mozilla firefox 2.0 rc2
    mozilla firefox 2.0 rc3
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0.1
    mozilla seamonkey 1.0.3
    mozilla seamonkey 1.0.4
    mozilla seamonkey 1.0.6
    mozilla seamonkey 1.0.8
    mozilla seamonkey 1.0.9
    mozilla firefox 1.5.0.1
    mozilla firefox 1.5.0.10
    mozilla firefox 1.5.0.5
    mozilla firefox 1.5.0.8
    mozilla firefox 1.5 beta2
    mozilla seamonkey 1.1
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0
    suse linux enterprise server 8
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    suse suse linux school server -
    redhat enterprise linux 3
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    novell open enterprise server *
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    suse suse linux 10.1
    redhat enterprise linux desktop 5.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 5
    novell open enterprise server *
    novell opensuse 10.2
    suse suse linux 9.3