CVE-2007-0996

Severity Score

5.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

Los marcos hijo en Mozilla Firefox anterior a 1.5.0.10 y 2.x anterior 2.0.0.2, y SeaMonkey anterior a 1.0.8 heredan el charset por defecto desde la ventana padre, lo caul permite a atacantes remotos conducir ataques de secuencias de comandos en sitios cruzados (XSS), como se demostró utilizando a codificación de caracteres UTF-7.

*Credits: N/A

CVSS Scores

NISTv2 5.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-02-16 CVE Reserved
2007-02-27 CVE Published
2024-07-22 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (43)

URL	Tag	Source
http://osvdb.org/33812	Vdb Entry
http://secunia.com/advisories/24205	Third Party Advisory
http://secunia.com/advisories/24287	Third Party Advisory
http://secunia.com/advisories/24290	Third Party Advisory
http://secunia.com/advisories/24320	Third Party Advisory
http://secunia.com/advisories/24328	Third Party Advisory
http://secunia.com/advisories/24333	Third Party Advisory
http://secunia.com/advisories/24342	Third Party Advisory
http://secunia.com/advisories/24343	Third Party Advisory
http://secunia.com/advisories/24384	Third Party Advisory
http://secunia.com/advisories/24395	Third Party Advisory
http://secunia.com/advisories/24455	Third Party Advisory
http://secunia.com/advisories/24457	Third Party Advisory
http://secunia.com/advisories/24650	Third Party Advisory
http://secunia.com/advisories/25588	Third Party Advisory
http://www.securityfocus.com/archive/1/461076/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/461336/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/22694	Vdb Entry
http://www.securitytracker.com/id?1017702	Vdb Entry
http://www.vupen.com/english/advisories/2007/0718	Vdb Entry
https://issues.rpath.com/browse/RPL-1103	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086	Signature

URL	Date	SRC

URL	Date	SRC
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html	2018-10-16

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc	2018-10-16
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc	2018-10-16
http://fedoranews.org/cms/node/2713	2018-10-16
http://fedoranews.org/cms/node/2728	2018-10-16
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	2018-10-16
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html	2018-10-16
http://rhn.redhat.com/errata/RHSA-2007-0077.html	2018-10-16
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131	2018-10-16
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851	2018-10-16
http://www.debian.org/security/2007/dsa-1336	2018-10-16
http://www.hardened-php.net/advisory_032007.142.html	2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050	2018-10-16
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html	2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0078.html	2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0079.html	2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0097.html	2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0108.html	2018-10-16
http://www.ubuntu.com/usn/usn-428-1	2018-10-16
https://access.redhat.com/security/cve/CVE-2007-0996	2007-03-14
https://bugzilla.redhat.com/show_bug.cgi?id=1618288	2007-03-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5 Search vendor "Mozilla" for product "Firefox" and version "1.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5 Search vendor "Mozilla" for product "Firefox" and version "1.5"		beta1		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5 Search vendor "Mozilla" for product "Firefox" and version "1.5"		beta2		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.1 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.2 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.3 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.3"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.4 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.4"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.5 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.6 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.6"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.7 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.7"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.8 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.8"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.9 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.9"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0 Search vendor "Mozilla" for product "Firefox" and version "2.0"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0 Search vendor "Mozilla" for product "Firefox" and version "2.0"		beta_1		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0 Search vendor "Mozilla" for product "Firefox" and version "2.0"		rc2		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0 Search vendor "Mozilla" for product "Firefox" and version "2.0"		rc3		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.1 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0"		alpha		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0"		dev		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0"		beta		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.2 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.3 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.3"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.4 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.4"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.5 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.5"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.6 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.6"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.7 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.7"		-		Affected