CVE-2007-0996

MEDIUM

Description

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

http://fedoranews.org/cms/node/2713

http://fedoranews.org/cms/node/2728

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

http://osvdb.org/33812

http://rhn.redhat.com/errata/RHSA-2007-0077.html

http://secunia.com/advisories/24205

http://secunia.com/advisories/24287

http://secunia.com/advisories/24290

http://secunia.com/advisories/24320

http://secunia.com/advisories/24328

http://secunia.com/advisories/24333

http://secunia.com/advisories/24342

http://secunia.com/advisories/24343

http://secunia.com/advisories/24384

http://secunia.com/advisories/24395

http://secunia.com/advisories/24455

http://secunia.com/advisories/24457

http://secunia.com/advisories/24650

http://secunia.com/advisories/25588

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

http://www.debian.org/security/2007/dsa-1336

http://www.hardened-php.net/advisory_032007.142.html

http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

http://www.mozilla.org/security/announce/2007/mfsa2007-02.html

http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

http://www.redhat.com/support/errata/RHSA-2007-0078.html

http://www.redhat.com/support/errata/RHSA-2007-0079.html

http://www.redhat.com/support/errata/RHSA-2007-0097.html

http://www.redhat.com/support/errata/RHSA-2007-0108.html

http://www.securityfocus.com/archive/1/461076/100/0/threaded

http://www.securityfocus.com/archive/1/461336/100/0/threaded

http://www.securityfocus.com/bid/22694

http://www.securitytracker.com/id?1017702

http://www.ubuntu.com/usn/usn-428-1

http://www.vupen.com/english/advisories/2007/0718

https://issues.rpath.com/browse/RPL-1103

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086

Details

Source: MITRE

Published: 2007-02-27

Updated: 2018-10-16

Risk Information

CVSS v2.0

Base Score: 5.8

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM