
CVE-2007-3736
Date: (C)2007-07-18   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018410
SUNALERT-103177
20070701-01-P
http://www.securityfocus.com/archive/1/474226/100/0/threaded
http://www.securityfocus.com/archive/1/474542/100/0/threaded
SUNALERT-201516
BID-24946
SECUNIA-25589
SECUNIA-26072
SECUNIA-26095
SECUNIA-26103
SECUNIA-26106
SECUNIA-26107
SECUNIA-26149
SECUNIA-26151
SECUNIA-26159
SECUNIA-26179
SECUNIA-26204
SECUNIA-26205
SECUNIA-26211
SECUNIA-26216
SECUNIA-26258
SECUNIA-26271
SECUNIA-26460
SECUNIA-28135
ADV-2007-2564
ADV-2007-4256
DSA-1337
DSA-1338
DSA-1339
GLSA-200708-09
HPSBUX02153
MDKSA-2007:152
RHSA-2007:0722
RHSA-2007:0723
RHSA-2007:0724
SUSE-SA:2007:049
USN-490-1
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
http://www.mozilla.org/security/announce/2007/mfsa2007-19.html
mozilla-addeventlistener-settimeout-xss(35462)
oval:org.mitre.oval:def:11749

CPE    5
cpe:/a:mozilla:firefox:2.0
cpe:/a:mozilla:firefox:2.0.0.4
cpe:/a:mozilla:firefox:2.0.0.3
cpe:/a:mozilla:firefox:2.0.0.2
...

© SecPod Technologies