CVE-2007-1878

critical

Description

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function, related to lack of HTML escaping in the property name.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/33451

http://www.vupen.com/english/advisories/2007/1272

http://www.securityfocus.com/archive/1/464786/100/0/threaded

http://www.securityfocus.com/archive/1/464740/100/0/threaded

http://www.getfirebug.com/blog/2007/04/04/security-update/

http://securityreason.com/securityalert/2525

http://secunia.com/advisories/24743

http://larholm.com/2007/04/06/0day-vulnerability-in-firebug/

Details

Source: Mitre, NVD

Published: 2007-04-06

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.02872