Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5338

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-5338
Last Modified 07 Mar 2011 12:00:00
Published 21 Oct 2007 04:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5338

Summary

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.

Vulnerable Systems

Application

  • Mozilla Firefox 2.0.0.7

  • Mozilla Seamonkey 1.1.4


References

CONFIRM - http://www.mozilla.org/security/announce/2007/mfsa2007-35.html

FEDORA - FEDORA-2007-2664

FEDORA - FEDORA-2007-2601

FEDORA - FEDORA-2007-3431

CONFIRM - https://issues.rpath.com/browse/RPL-1858

XF - mozilla-xpcnativewrapper-code-execution(37288)

VUPEN - ADV-2008-0083

VUPEN - ADV-2007-3587

VUPEN - ADV-2007-3544

UBUNTU - USN-535-1

UBUNTU - USN-536-1

BID - 26132

BUGTRAQ - 20071029 rPSA-2007-0225-2 firefox thunderbird

BUGTRAQ - 20071029 FLEA-2007-0062-1 firefox

BUGTRAQ - 20071026 rPSA-2007-0225-1 firefox

REDHAT - RHSA-2007:0981

REDHAT - RHSA-2007:0980

REDHAT - RHSA-2007:0979

SUSE - SUSE-SA:2007:057

MANDRIVA - MDKSA-2007:202

GENTOO - GLSA-200711-14

DEBIAN - DSA-1401

DEBIAN - DSA-1396

DEBIAN - DSA-1392

CONFIRM - http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

SUNALERT - 201516

SECTRACK - 1018836

SECUNIA - 28398

SECUNIA - 27680

SECUNIA - 27665

SECUNIA - 27480

SECUNIA - 27425

SECUNIA - 27414

SECUNIA - 27403

SECUNIA - 27387

SECUNIA - 27383

SECUNIA - 27360

SECUNIA - 27356

SECUNIA - 27336

SECUNIA - 27335

SECUNIA - 27327

SECUNIA - 27325

SECUNIA - 27315

SECUNIA - 27311

SECUNIA - 27298

SECUNIA - 27276

HP - SSRT061181

HP - HPSBUX02153


Last Updated: 27 May 2016 10:47:26