CVE-2007-5459

Published: Oct 14, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (2)

Products: Itirou Maruta: Mouseoverdictionary · Mozilla: Firefox

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Itirou Maruta Mouseoverdictionary	Up to 0.6
Mozilla Firefox	Version 2.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (12)

http://jvn.jp/jp/JVN%2363304072/index.html

Source: cve@mitre.org

http://maru.bonyari.jp/mouseoverdictionary/

Source: cve@mitre.org

http://osvdb.org/40475

Source: cve@mitre.org

http://secunia.com/advisories/27195

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/26053

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/37184

Source: cve@mitre.org

http://jvn.jp/jp/JVN%2363304072/index.html