CVE-2007-0994

Published: Mar 6, 2007Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

Affected (5)

Products: Mozilla: Firefox, Seamonkey · Debian: Debian Linux

2 products

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	From 1.5 to 1.5.0.10
Mozilla Firefox	From 2.0 to 2.0.0.2
Mozilla Seamonkey	From 1.0 to 1.0.8
Mozilla Seamonkey	From 1.1 to 1.1.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 3.1

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (46)

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc (unsafe URL)

Source: secalert@redhat.com

Broken Link

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc (unsafe URL)

Source: secalert@redhat.com

Broken Link

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733

Source: secalert@redhat.com

ExploitIssue TrackingPatchThird Party Advisory

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Source: secalert@redhat.com

Broken Link

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/24384

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/24395

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/24455

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/24457

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/24650

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/25588

Source: secalert@redhat.com

Third Party Advisory

http://securitytracker.com/id?1017726

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.debian.org/security/2007/dsa-1336

Source: secalert@redhat.com

Third Party Advisory

http://www.mozilla.org/security/announce/2007/mfsa2007-09.html

Source: secalert@redhat.com

Vendor Advisory

http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

Source: secalert@redhat.com

Broken Link

http://www.redhat.com/support/errata/RHSA-2007-0078.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0097.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/22826

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2007/0823

Source: secalert@redhat.com

Third Party Advisory

https://issues.rpath.com/browse/RPL-1103

Source: secalert@redhat.com

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9749

Source: secalert@redhat.com

Third Party Advisory

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc (unsafe URL)