// For flags

CVE-2007-5338

 

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.

Mozilla Firefox versiones anteriores a 2.0.0.8 y SeaMonkey versiones anteriores a 1.1.5, permite a atacantes remotos ejecutar Javascript arbitrario con privilegios de usuario mediante el objeto Script para modificar XPCNativeWrappers de una manera que causa que el script se ejecute cuando una acción chrome sea realizada.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-10-10 CVE Reserved
  • 2007-10-21 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-16: Configuration
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (50)
URL Tag Source
http://securitytracker.com/id?1018836 Vdb Entry
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html X_refsource_confirm
http://www.securityfocus.com/archive/1/482876/100/200/threaded Mailing List
http://www.securityfocus.com/archive/1/482925/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/482932/100/200/threaded Mailing List
http://www.securityfocus.com/bid/26132 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/37288 Vdb Entry
https://issues.rpath.com/browse/RPL-1858 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10965 Signature
URL Date SRC
URL Date SRC
http://www.mozilla.org/security/announce/2007/mfsa2007-35.html 2018-10-15
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 2018-10-15
http://secunia.com/advisories/27276 2018-10-15
http://secunia.com/advisories/27298 2018-10-15
http://secunia.com/advisories/27311 2018-10-15
http://secunia.com/advisories/27315 2018-10-15
http://secunia.com/advisories/27325 2018-10-15
http://secunia.com/advisories/27327 2018-10-15
http://secunia.com/advisories/27335 2018-10-15
http://secunia.com/advisories/27336 2018-10-15
http://secunia.com/advisories/27356 2018-10-15
http://secunia.com/advisories/27360 2018-10-15
http://secunia.com/advisories/27383 2018-10-15
http://secunia.com/advisories/27387 2018-10-15
http://secunia.com/advisories/27403 2018-10-15
http://secunia.com/advisories/27414 2018-10-15
http://secunia.com/advisories/27425 2018-10-15
http://secunia.com/advisories/27480 2018-10-15
http://secunia.com/advisories/27665 2018-10-15
http://secunia.com/advisories/27680 2018-10-15
http://secunia.com/advisories/28398 2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1 2018-10-15
http://www.debian.org/security/2007/dsa-1392 2018-10-15
http://www.debian.org/security/2007/dsa-1396 2018-10-15
http://www.debian.org/security/2007/dsa-1401 2018-10-15
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml 2018-10-15
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202 2018-10-15
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-0979.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-0980.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-0981.html 2018-10-15
http://www.ubuntu.com/usn/usn-536-1 2018-10-15
http://www.vupen.com/english/advisories/2007/3544 2018-10-15
http://www.vupen.com/english/advisories/2007/3587 2018-10-15
http://www.vupen.com/english/advisories/2008/0083 2018-10-15
https://usn.ubuntu.com/535-1 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html 2018-10-15
https://access.redhat.com/security/cve/CVE-2007-5338 2007-10-19
https://bugzilla.redhat.com/show_bug.cgi?id=1618326 2007-10-19
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 <= 2.0.0.7
Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.7"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 <= 1.1.4
Search vendor "Mozilla" for product "Seamonkey" and version " <= 1.1.4"
-
Affected