cvelistv5 - cve-2007-0995

CVE-2007-0995 (GCVE-0-2007-0995)

Vulnerability from cvelistv5

Published

2007-02-26 19:00

Modified

2024-08-07 12:43

Severity ?

CWE

Summary

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

References

URL

Tags

	http://www.redhat.com/support/errata/RHSA-2007-0078.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/24395	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/461336/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/24328	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2007-0108.html	vendor-advisory, x_refsource_REDHAT
	http://security.gentoo.org/glsa/glsa-200703-04.xml	vendor-advisory, x_refsource_GENTOO
	http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml	vendor-advisory, x_refsource_GENTOO
	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851	vendor-advisory, x_refsource_SLACKWARE
	http://secunia.com/advisories/24384	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/24457	third-party-advisory, x_refsource_SECUNIA
	http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2	x_refsource_MISC
	http://secunia.com/advisories/24343	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2007/dsa-1336	vendor-advisory, x_refsource_DEBIAN
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	vendor-advisory, x_refsource_HP
	http://www.mozilla.org/security/announce/2007/mfsa2007-02.html	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2007/0718	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/24650	third-party-advisory, x_refsource_SECUNIA
	http://www.osvdb.org/32111	vdb-entry, x_refsource_OSVDB
	http://www.ubuntu.com/usn/usn-428-1	vendor-advisory, x_refsource_UBUNTU
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/24320	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/25588	third-party-advisory, x_refsource_SECUNIA
	https://issues.rpath.com/browse/RPL-1103	x_refsource_CONFIRM
	http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html	vendor-advisory, x_refsource_SUSE
	http://www.vupen.com/english/advisories/2008/0083	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/archive/1/461809/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.novell.com/linux/security/advisories/2007_22_mozilla.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/24293	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/24238	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/24393	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/24342	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/24287	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/22694	vdb-entry, x_refsource_BID
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	vendor-advisory, x_refsource_HP
	http://fedoranews.org/cms/node/2713	vendor-advisory, x_refsource_FEDORA
	http://www.redhat.com/support/errata/RHSA-2007-0097.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id?1017702	vdb-entry, x_refsource_SECTRACK
	http://fedoranews.org/cms/node/2728	vendor-advisory, x_refsource_FEDORA
	ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc	vendor-advisory, x_refsource_SGI
	http://secunia.com/advisories/24205	third-party-advisory, x_refsource_SECUNIA
	https://issues.rpath.com/browse/RPL-1081	x_refsource_CONFIRM
	http://secunia.com/advisories/24333	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDKSA-2007:050	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/24290	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/24455	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2007-0077.html	vendor-advisory, x_refsource_REDHAT
	ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc	vendor-advisory, x_refsource_SGI
	http://osvdb.org/32112	vdb-entry, x_refsource_OSVDB
	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131	vendor-advisory, x_refsource_SLACKWARE
	http://www.redhat.com/support/errata/RHSA-2007-0079.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/24437	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:43:21.629Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2007:0078",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
          },
          {
            "name": "24395",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24395"
          },
          {
            "name": "20070226 rPSA-2007-0040-1 firefox",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
          },
          {
            "name": "24328",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24328"
          },
          {
            "name": "RHSA-2007:0108",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
          },
          {
            "name": "GLSA-200703-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"
          },
          {
            "name": "GLSA-200703-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
          },
          {
            "name": "SSA:2007-066-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.374851"
          },
          {
            "name": "24384",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24384"
          },
          {
            "name": "24457",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24457"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2"
          },
          {
            "name": "24343",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24343"
          },
          {
            "name": "DSA-1336",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1336"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
          },
          {
            "name": "ADV-2007-0718",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0718"
          },
          {
            "name": "24650",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24650"
          },
          {
            "name": "32111",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/32111"
          },
          {
            "name": "USN-428-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-428-1"
          },
          {
            "name": "oval:org.mitre.oval:def:10164",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164"
          },
          {
            "name": "24320",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24320"
          },
          {
            "name": "25588",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25588"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1103"
          },
          {
            "name": "SUSE-SA:2007:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
          },
          {
            "name": "ADV-2008-0083",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0083"
          },
          {
            "name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
          },
          {
            "name": "SUSE-SA:2007:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
          },
          {
            "name": "24293",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24293"
          },
          {
            "name": "24238",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24238"
          },
          {
            "name": "24393",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24393"
          },
          {
            "name": "24342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24342"
          },
          {
            "name": "24287",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24287"
          },
          {
            "name": "22694",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22694"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "FEDORA-2007-281",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/cms/node/2713"
          },
          {
            "name": "RHSA-2007:0097",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
          },
          {
            "name": "1017702",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017702"
          },
          {
            "name": "FEDORA-2007-293",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/cms/node/2728"
          },
          {
            "name": "20070301-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
          },
          {
            "name": "24205",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24205"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1081"
          },
          {
            "name": "24333",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24333"
          },
          {
            "name": "MDKSA-2007:050",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
          },
          {
            "name": "24290",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24290"
          },
          {
            "name": "24455",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24455"
          },
          {
            "name": "RHSA-2007:0077",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
          },
          {
            "name": "20070202-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
          },
          {
            "name": "32112",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/32112"
          },
          {
            "name": "SSA:2007-066-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
          },
          {
            "name": "RHSA-2007:0079",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
          },
          {
            "name": "24437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24437"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2007:0078",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
        },
        {
          "name": "24395",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24395"
        },
        {
          "name": "20070226 rPSA-2007-0040-1 firefox",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
        },
        {
          "name": "24328",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24328"
        },
        {
          "name": "RHSA-2007:0108",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
        },
        {
          "name": "GLSA-200703-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"
        },
        {
          "name": "GLSA-200703-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
        },
        {
          "name": "SSA:2007-066-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.374851"
        },
        {
          "name": "24384",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24384"
        },
        {
          "name": "24457",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24457"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2"
        },
        {
          "name": "24343",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24343"
        },
        {
          "name": "DSA-1336",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1336"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
        },
        {
          "name": "ADV-2007-0718",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0718"
        },
        {
          "name": "24650",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24650"
        },
        {
          "name": "32111",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/32111"
        },
        {
          "name": "USN-428-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-428-1"
        },
        {
          "name": "oval:org.mitre.oval:def:10164",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164"
        },
        {
          "name": "24320",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24320"
        },
        {
          "name": "25588",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25588"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1103"
        },
        {
          "name": "SUSE-SA:2007:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
        },
        {
          "name": "ADV-2008-0083",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0083"
        },
        {
          "name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
        },
        {
          "name": "SUSE-SA:2007:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
        },
        {
          "name": "24293",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24293"
        },
        {
          "name": "24238",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24238"
        },
        {
          "name": "24393",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24393"
        },
        {
          "name": "24342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24342"
        },
        {
          "name": "24287",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24287"
        },
        {
          "name": "22694",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22694"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "FEDORA-2007-281",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/cms/node/2713"
        },
        {
          "name": "RHSA-2007:0097",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
        },
        {
          "name": "1017702",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017702"
        },
        {
          "name": "FEDORA-2007-293",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/cms/node/2728"
        },
        {
          "name": "20070301-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
        },
        {
          "name": "24205",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24205"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1081"
        },
        {
          "name": "24333",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24333"
        },
        {
          "name": "MDKSA-2007:050",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
        },
        {
          "name": "24290",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24290"
        },
        {
          "name": "24455",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24455"
        },
        {
          "name": "RHSA-2007:0077",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
        },
        {
          "name": "20070202-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
        },
        {
          "name": "32112",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/32112"
        },
        {
          "name": "SSA:2007-066-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
        },
        {
          "name": "RHSA-2007:0079",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
        },
        {
          "name": "24437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24437"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-0995",
    "datePublished": "2007-02-26T19:00:00.000Z",
    "dateReserved": "2007-02-16T00:00:00.000Z",
    "dateUpdated": "2024-08-07T12:43:21.629Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-0995

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2008-05-21 00:00

Severity ?

() - -

Summary

Mozilla Firefox cross-site scripting vulnerability

Details

Mozilla Firefox, web browser from Mozilla Corporation and Mozilla Japan, contains a cross-site scripting vulnerability. Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN38605899/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0995
	SECUNIA	http://secunia.com/advisories/24205/
	SECUNIA	http://secunia.com/advisories/24238/
	BID	http://www.securityfocus.com/bid/22694
	FRSIRT	http://www.frsirt.com/english/advisories/2007/0718

Impacted products

Vendor

Product

	mozilla.org contributors	Mozilla Firefox
	mozilla.org contributors	Mozilla SeaMonkey
	Red Hat, Inc.	RHEL Optional Productivity Applications
	Hewlett-Packard Development Company,L.P	HP-UX
	Cybertrust Japan Co., Ltd.	Asianux Server
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Enterprise Linux Desktop
	Red Hat, Inc.	Red Hat Linux Advanced Workstation
	Red Hat, Inc.	RHEL Desktop Workstation
	Turbolinux, Inc.	Turbolinux
	Turbolinux, Inc.	Turbolinux Desktop
	Turbolinux, Inc.	Turbolinux Home
	Turbolinux, Inc.	Turbolinux Multimedia
	Turbolinux, Inc.	Turbolinux Personal
	Turbolinux, Inc.	Turbolinux Server

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000176.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Mozilla Firefox, web browser from Mozilla Corporation and Mozilla Japan, contains a cross-site scripting vulnerability.\r\n\r\nMozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000176.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:mozilla:firefox",
      "@product": "Mozilla Firefox",
      "@vendor": "mozilla.org contributors",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:mozilla:seamonkey",
      "@product": "Mozilla SeaMonkey",
      "@vendor": "mozilla.org contributors",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_optional_productivity_applications",
      "@product": "RHEL Optional Productivity Applications",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux",
      "@product": "Turbolinux",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_desktop",
      "@product": "Turbolinux Desktop",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_home",
      "@product": "Turbolinux Home",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
      "@product": "Turbolinux Multimedia",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_personal",
      "@product": "Turbolinux Personal",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000176",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN38605899/index.html",
      "@id": "JVN#38605899",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995",
      "@id": "CVE-2007-0995",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0995",
      "@id": "CVE-2007-0995",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/24205/",
      "@id": "SA24205",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://secunia.com/advisories/24238/",
      "@id": "SA24238",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/22694",
      "@id": "22694",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/0718",
      "@id": "FrSIRT/ADV-2007-0718",
      "@source": "FRSIRT"
    }
  ],
  "title": "Mozilla Firefox cross-site scripting vulnerability"
}

CERTA-2007-AVI-102

Vulnerability from certfr_avis

Plusieurs vulnérabilités sur les produits Mozilla cités ci-dessus permettraient le contournement de la politique de sécurité, l'atteinte à la confidentialité des données ou l'exécution de code arbitraire à distance.

Description

Plusieurs vulnérabilités ont été découvertes dans les produits de Mozilla. L'exploitation de ces vulnérabilités peut se faire de différentes façons (script hostile, boite de dialogue malformée, certificats malformés, etc.) et permet à des utilisateurs malintentionnés de provoquer un déni de service, d'exécuter du code arbitraire ou d'obtenir des droits élevés sur la machine victime.

Solution

Les versions suivantes corrigent les problèmes :

Firefox 1.5.0.10 ;
Firefox 2.0.0.2 ;
Thunderbird 1.5.0.10 ;
Seamonkey 1.0.8 ;
Network Security Services 3.11.5.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

La branche de développement 1.5.x de Firefox ne sera plus maintenue au-delà du 24 avril 2007.

Impacted products

Vendor	Product	Description
Mozilla	Firefox	Firefox 1.5.0.9 et versions antérieures ;
Mozilla	N/A	Network Security Services 3.11.4 et versions antérieures.
Mozilla	N/A	Seamonkey 1.0.7 et versions antérieures ;
Mozilla	Thunderbird	Thunderbird 1.5.0.9 et versions antérieures ;
Mozilla	Firefox	Firefox 2.0.0.1 et versions antérieures ;

References

Title

Publication Time

Tags

Notes de mises à jour de Firefox 2.0.0.2	2007-02-26	vendor-advisory
Notes de mises à jour de Seamonkey 1.0.8	2007-02-26	vendor-advisory
Notes de mises à jour de Thunderbird 1.5.0.10	2007-02-26	vendor-advisory
Bulletin de sécurité Mozilla MFSA 2007-3 du 23 février 2007	-	other
Mise à jour de sécurité Gentoo GLSA-200703-08 du 09 mars 2007	-	other
Bulletin de sécurité Mozilla MFSA 2007-1 du 23 février 2007	-	other
Bulletin de sécurité Mozilla MFSA 2007-2 du 23 février 2007	-	other
Bulletin de sécurité Mozilla MFSA 2007-5 du 23 février 2007	-	other
Bulletin de sécurité Mozilla MFSA 2007-6 du 23 février 2007	-	other
Mise à jour de sécurité Red Hat RHSA-2007:0078 du 02 mars 2007	-	other
Bulletin de sécurité Mozilla MFSA 2007-7 du 23 février 2007	-	other
Mise à jour de sécurité Gentoo GLSA-200703-22 du 20 mars 2007	-	other
Mise à jour de sécurité SuSE SUSE-SA:2007:022 du 20 mars 2007	-	other
Mise à jour de sécurité Red Hat RHSA-2007:0079 du 23 février 2007	-	other
Mise à jour de sécurité Mandriva MDKSA-2007:050 du 28 février 2007	-	other
Mise à jour de sécurité Ubuntu USN-428-1 du 26 février 2007	-	other
Mise à jour de sécurité Red Hat RHSA-2007:0077 du 23 février 2007	-	other
Mise à jour de sécurité Gentoo GLSA-200703-18 du 16 mars 2007	-	other
Bulletin de sécurité Mozilla MFSA 2007-8 du 23 février 2007	-	other
Mise à jour de sécurité Mandriva MDKSA-2007:050-1 du 02 mars 2007	-	other
Mise à jour de sécurité Gentoo GLSA-200703-04 du 02 mars 2007	-	other
Mise à jour de sécurité Ubuntu USN-428-2 du 02 mars 2007	-	other
Mise à jour de sécurité Ubuntu USN-431-1 du 07 mars 2007	-	other
Bulletin de sécurité Mozilla MFSA 2007-4 du 23 février 2007	-	other
Mise à jour de sécurité SuSE SUSE-SA:2007:019 du 06 mars 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox 1.5.0.9 et versions ant\u00e9rieures ;",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Network Security Services 3.11.4 et versions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Seamonkey 1.0.7 et versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird 1.5.0.9 et versions ant\u00e9rieures ;",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox 2.0.0.1 et versions ant\u00e9rieures ;",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits de\nMozilla. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut se faire de\ndiff\u00e9rentes fa\u00e7ons (script hostile, boite de dialogue malform\u00e9e,\ncertificats malform\u00e9s, etc.) et permet \u00e0 des utilisateurs\nmalintentionn\u00e9s de provoquer un d\u00e9ni de service, d\u0027ex\u00e9cuter du code\narbitraire ou d\u0027obtenir des droits \u00e9lev\u00e9s sur la machine victime.\n\n## Solution\n\nLes versions suivantes corrigent les probl\u00e8mes :\n\n-   Firefox 1.5.0.10 ;\n-   Firefox 2.0.0.2 ;\n-   Thunderbird 1.5.0.10 ;\n-   Seamonkey 1.0.8 ;\n-   Network Security Services 3.11.5.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n  \n  \n\nLa branche de d\u00e9veloppement 1.5.x de Firefox ne sera plus maintenue\nau-del\u00e0 du 24 avril 2007.\n",
  "cves": [
    {
      "name": "CVE-2007-0981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0981"
    },
    {
      "name": "CVE-2007-0779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0779"
    },
    {
      "name": "CVE-2007-0008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0008"
    },
    {
      "name": "CVE-2007-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0800"
    },
    {
      "name": "CVE-2007-0009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0009"
    },
    {
      "name": "CVE-2006-6077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6077"
    },
    {
      "name": "CVE-2007-0776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0776"
    },
    {
      "name": "CVE-2007-0780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0780"
    },
    {
      "name": "CVE-2007-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0995"
    },
    {
      "name": "CVE-2007-0775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0775"
    },
    {
      "name": "CVE-2007-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0777"
    },
    {
      "name": "CVE-2007-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0778"
    }
  ],
  "initial_release_date": "2007-02-26T00:00:00",
  "last_revision_date": "2007-03-27T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-3 du 23 f\u00e9vrier 2007",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-003.html"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Gentoo GLSA-200703-08 du 09 mars 2007",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-1 du 23 f\u00e9vrier 2007",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-001.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-2 du 23 f\u00e9vrier 2007",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-002.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-5 du 23 f\u00e9vrier 2007",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-005.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-6 du 23 f\u00e9vrier 2007",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-006.html"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Red Hat RHSA-2007:0078 du 02 mars  2007",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0078.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-7 du 23 f\u00e9vrier 2007",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-007.html"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Gentoo GLSA-200703-22 du 20 mars 2007",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:022 du 20 mars 2007",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0006.html"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Red Hat RHSA-2007:0079 du 23 f\u00e9vrier 2007",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0079.html"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Mandriva MDKSA-2007:050 du 28 f\u00e9vrier 2007",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Ubuntu USN-428-1 du 26 f\u00e9vrier 2007",
      "url": "http://www.ubuntu.com/usn/usn-428-1"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Red Hat RHSA-2007:0077 du 23 f\u00e9vrier 2007",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Gentoo GLSA-200703-18 du 16 mars 2007",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-18.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-8 du 23 f\u00e9vrier 2007",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-008.html"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Mandriva MDKSA-2007:050-1 du 02 mars 2007",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050-1"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Gentoo GLSA-200703-04 du 02 mars 2007",
      "url": "http://www.gentoo.org/security/en/glsa-200703-04.xml"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Ubuntu USN-428-2 du 02 mars 2007",
      "url": "http://www.ubuntu.com/usn/usn-428-2"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Ubuntu USN-431-1 du 07 mars 2007",
      "url": "http://www.ubuntu.com/usn/usn-431-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-4 du 23 f\u00e9vrier 2007",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-004.html"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:019 du 06 mars 2007 :",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
    }
  ],
  "reference": "CERTA-2007-AVI-102",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-02-26T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence \u00e0 la mise \u00e0 jour de s\u00e9curit\u00e9 Red Hat.",
      "revision_date": "2007-03-05T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux mises \u00e0 jour de s\u00e9curit\u00e9 Ubuntu, Gentoo, SuSE, Mandriva.",
      "revision_date": "2007-03-13T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux mises \u00e0 jour de s\u00e9curit\u00e9 Ubuntu, Gentoo, SuSE, Mandriva, Red Hat.",
      "revision_date": "2007-03-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s sur les produits \u003cspan\nclass=\"textit\"\u003eMozilla\u003c/span\u003e cit\u00e9s ci-dessus permettraient le\ncontournement de la politique de s\u00e9curit\u00e9, l\u0027atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es ou l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": "2007-02-26",
      "title": "Notes de mises \u00e0 jour de Firefox 2.0.0.2",
      "url": "None"
    },
    {
      "published_at": "2007-02-26",
      "title": "Notes de mises \u00e0 jour de Seamonkey 1.0.8",
      "url": "None"
    },
    {
      "published_at": "2007-02-26",
      "title": "Notes de mises \u00e0 jour de Thunderbird 1.5.0.10",
      "url": "None"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-0995 (GCVE-0-2007-0995)

Vulnerability from cvelistv5

cve-2007-0995

Vulnerability from jvndb

CERTA-2007-AVI-102

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature