Vulnerability Name: CVE-2007-0994 (CCN-32818) Assigned: 2007-03-05 Published: 2007-03-05 Updated: 2019-10-09 Summary: A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges. CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P )5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P )3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-94 Vulnerability Consequences: Gain Access References: Source: SGI Type: Broken Link20070202-01-P Source: SGI Type: Broken Link20070301-01-P Source: CONFIRM Type: Exploit, Issue Tracking, Patch, Third Party Advisoryhttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733 Source: MITRE Type: CNACVE-2007-0994 Source: HP Type: Broken LinkSSRT061181 Source: SUSE Type: Broken LinkSUSE-SA:2007:019 Source: CCN Type: RHSA-2007-0077Critical: seamonkey security update Source: CCN Type: RHSA-2007-0079Critical: Firefox security update Source: CCN Type: RHSA-2007-0097Critical: firefox security update Source: SECUNIA Type: Third Party Advisory24384 Source: SECUNIA Type: Third Party Advisory24395 Source: SECUNIA Type: Third Party Advisory24455 Source: SECUNIA Type: Third Party Advisory24457 Source: SECUNIA Type: Third Party Advisory24650 Source: SECUNIA Type: Third Party Advisory25588 Source: CCN Type: SECTRACK ID: 1017726Mozilla Firefox JavaScript URI in IMG SRC Attribute Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: Third Party Advisory, VDB Entry1017726 Source: SLACKWARE Type: Mailing List, Third Party AdvisorySSA:2007-066-05 Source: SLACKWARE Type: Mailing List, Third Party AdvisorySSA:2007-066-03 Source: CCN Type: ASA-2007-095thunderbird security update (RHSA-2007-0078) Source: DEBIAN Type: Third Party AdvisoryDSA-1336 Source: DEBIAN Type: DSA-1336mozilla-firefox -- several vulnerabilities Source: CCN Type: Mozilla Web siteThunderbird 1.5 Source: CCN Type: Mozilla.orgThe SeaMonkey Project Source: CCN Type: MFSA 2007-09 Privilege escalation by setting img.src to javascript URI Source: CONFIRM Type: Vendor Advisoryhttp://www.mozilla.org/security/announce/2007/mfsa2007-09.html Source: SUSE Type: Broken LinkSUSE-SA:2007:022 Source: REDHAT Type: Third Party AdvisoryRHSA-2007:0078 Source: REDHAT Type: Third Party AdvisoryRHSA-2007:0097 Source: BID Type: Third Party Advisory, VDB Entry22826 Source: CCN Type: BID-22826Mozilla Firefox Javascript URI Remote Code Execution Vulnerability Source: VUPEN Type: Third Party AdvisoryADV-2007-0823 Source: XF Type: UNKNOWNmozilla-javascripturi-code-execution(32818) Source: CONFIRM Type: Broken Linkhttps://issues.rpath.com/browse/RPL-1103 Source: OVAL Type: Third Party Advisoryoval:org.mitre.oval:def:9749 Source: SUSE Type: SUSE-SA:2007:019MozillaFirefox security update 1.5.0.10/2.0.0.2 Source: SUSE Type: SUSE-SA:2007:022Mozilla security problems Vulnerable Configuration: Configuration 1 :cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 1.5 and < 1.5.0.10)OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 2.0 and < 2.0.0.2) OR cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version >= 1.0 and < 1.0.8) OR cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version >= 1.1 and < 1.1.1) Configuration 2 :cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* Configuration RedHat 6 :cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* Configuration RedHat 7 :cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:* Configuration RedHat 8 :cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:* Configuration RedHat 9 :cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:* Configuration CCN 1 :cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0::dev:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:2.0:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:2.0:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:2.0:rc3:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1::beta:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:* AND cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/a:suse:suse_linux_school_server:-:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:* OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:* OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:* OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:* Denotes that component is vulnerable Oval Definitions BACK
mozilla firefox *
mozilla firefox *
mozilla seamonkey *
mozilla seamonkey *
debian debian linux 3.1
mozilla firefox 1.5 beta1
mozilla firefox 2.0
mozilla seamonkey 1.0
mozilla firefox 1.5
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla seamonkey 1.0.5
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0.2
mozilla firefox 1.5.0.9
mozilla firefox 2.0.0.1
mozilla firefox 2.0.0.2
mozilla firefox 2.0 beta1
mozilla firefox 2.0 rc2
mozilla firefox 2.0 rc3
mozilla seamonkey 1.0
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.9
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.10
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.8
mozilla firefox 1.5 beta2
mozilla seamonkey 1.1
mozilla seamonkey 1.0
mozilla seamonkey 1.0
suse linux enterprise server 8
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
suse suse linux school server -
redhat enterprise linux 3
redhat enterprise linux 4
redhat enterprise linux 4
novell linux desktop 9
redhat enterprise linux 4
redhat enterprise linux 4
debian debian linux 3.1
novell open enterprise server *
suse suse linux 10.0
redhat linux advanced workstation 2.1
suse suse linux 10.1
redhat enterprise linux desktop 5.0
redhat enterprise linux 5
redhat enterprise linux 5
redhat enterprise linux 5
novell open enterprise server *
novell opensuse 10.2
suse suse linux 9.3