[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-5338Date: (C)2007-10-21   (M)2023-12-22


Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1018836
http://www.securityfocus.com/archive/1/482876/100/200/threaded
http://www.securityfocus.com/archive/1/482925/100/0/threaded
http://www.securityfocus.com/archive/1/482932/100/200/threaded
SUNALERT-201516
BID-26132
SECUNIA-27276
SECUNIA-27298
SECUNIA-27311
SECUNIA-27315
SECUNIA-27325
SECUNIA-27327
SECUNIA-27335
SECUNIA-27336
SECUNIA-27356
SECUNIA-27360
SECUNIA-27383
SECUNIA-27387
SECUNIA-27403
SECUNIA-27414
SECUNIA-27425
SECUNIA-27480
SECUNIA-27665
SECUNIA-27680
SECUNIA-28398
ADV-2007-3544
ADV-2007-3587
ADV-2008-0083
DSA-1392
DSA-1396
DSA-1401
FEDORA-2007-2601
FEDORA-2007-2664
FEDORA-2007-3431
GLSA-200711-14
HPSBUX02153
MDKSA-2007:202
RHSA-2007:0979
RHSA-2007:0980
RHSA-2007:0981
SUSE-SA:2007:057
USN-535-1
USN-536-1
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.mozilla.org/security/announce/2007/mfsa2007-35.html
https://issues.rpath.com/browse/RPL-1858
mozilla-xpcnativewrapper-code-execution(37288)
oval:org.mitre.oval:def:10965

CPE    2
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:firefox
CWE    1
CWE-264
OVAL    4
oval:org.mitre.oval:def:7681
oval:org.mitre.oval:def:7395
oval:org.mitre.oval:def:7869
oval:org.mitre.oval:def:7955
...

© SecPod Technologies