CVE-2007-0995

MEDIUM

Description

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

ID	Name	Product	Family	Severity
67455	Oracle Linux 4 : Firefox (ELSA-2007-0079)	Nessus	Oracle Linux Local Security Checks	high
67454	Oracle Linux 4 : thunderbird (ELSA-2007-0078)	Nessus	Oracle Linux Local Security Checks	high
67453	Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0077)	Nessus	Oracle Linux Local Security Checks	high
67452	Oracle Linux 4 : seamonkey (ELSA-2007-0077-2)	Nessus	Oracle Linux Local Security Checks	high
63841	RHEL 5 : thunderbird (RHSA-2007:0108)	Nessus	Red Hat Local Security Checks	high
29359	SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 2683)	Nessus	SuSE Local Security Checks	high
28022	Ubuntu 6.06 LTS : firefox regression (USN-428-2)	Nessus	Ubuntu Local Security Checks	high
28021	Ubuntu 5.10 / 6.06 LTS / 6.10 : firefox vulnerabilities (USN-428-1)	Nessus	Ubuntu Local Security Checks	high
27440	openSUSE 10 Security Update : seamonkey (seamonkey-2811)	Nessus	SuSE Local Security Checks	high
27439	openSUSE 10 Security Update : seamonkey (seamonkey-2691)	Nessus	SuSE Local Security Checks	high
27119	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2699)	Nessus	SuSE Local Security Checks	high
27118	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2647)	Nessus	SuSE Local Security Checks	high
25779	Debian DSA-1336-1 : mozilla-firefox - several vulnerabilities	Nessus	Debian Local Security Checks	high
25318	RHEL 5 : firefox (RHSA-2007:0097)	Nessus	Red Hat Local Security Checks	high
24800	GLSA-200703-08 : SeaMonkey: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
24791	Slackware 11.0 : seamonkey (SSA:2007-066-05)	Nessus	Slackware Local Security Checks	high
24789	Slackware 10.2 / 11.0 : mozilla-firefox (SSA:2007-066-03)	Nessus	Slackware Local Security Checks	high
3942	LedgerSMB / SQL-Ledger Authentication Bypass	Nessus Network Monitor	Web Servers	medium
24774	RHEL 4 : thunderbird (RHSA-2007:0078)	Nessus	Red Hat Local Security Checks	high
24771	GLSA-200703-04 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
24763	CentOS 4 : thunderbird (CESA-2007:0078)	Nessus	CentOS Local Security Checks	high
24753	Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:050-1)	Nessus	Mandriva Local Security Checks	high
3931	Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities (deprecated)	Nessus Network Monitor	SMTP Clients	medium
24735	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Nessus	Windows	high
24729	Fedora Core 6 : devhelp-0.12-10.fc6 / epiphany-2.16.3-2.fc6 / firefox-1.5.0.10-1.fc6 / etc (2007-293)	Nessus	Fedora Local Security Checks	high
3927	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
24716	Fedora Core 5 : firefox-1.5.0.10-1.fc5 (2007-281)	Nessus	Fedora Local Security Checks	high
24708	RHEL 4 : Firefox (RHSA-2007:0079)	Nessus	Red Hat Local Security Checks	high
24707	RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0077)	Nessus	Red Hat Local Security Checks	high
24705	FreeBSD : mozilla -- multiple vulnerabilities (12bd6ecf-c430-11db-95c5-000c6ec775d9)	Nessus	FreeBSD Local Security Checks	high
24704	CentOS 4 : firefox (CESA-2007:0079)	Nessus	CentOS Local Security Checks	high
24703	CentOS 3 / 4 : seamonkey (CESA-2007:0077)	Nessus	CentOS Local Security Checks	high
3922	Mozilla Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
24701	Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Nessus	Windows	high
801328	Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
800879	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800760	Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high

CVE-2007-0995

Description

References

Details

Risk Information

CVSS v2.0