CVE-2007-3736

Severity

43%

Complexity

86%

Confidentiality

48%

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

First reported 17 years ago

2007-07-18 17:30:00

Last updated 6 years ago

2018-10-15 21:30:00

Affected Software

Mozilla Firefox 2.0

2.0

Mozilla Firefox 2.0.0.1

2.0.0.1

Mozilla Firefox 2.0.0.2

2.0.0.2

Mozilla Firefox 2.0.0.3

2.0.0.3

Mozilla Firefox 2.0.0.4

2.0.0.4

References

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt

20070701-01-P

HPSBUX02153

25589

26072

26095

Patch, Vendor Advisory

26103

26106

26107

26149

26151

26159

26179

26204

26205

26211

26216

26258

26271

26460

28135

103177

201516

http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html

DSA-1337

DSA-1338

DSA-1339

GLSA-200708-09

MDKSA-2007:152

http://www.mozilla.org/security/announce/2007/mfsa2007-19.html

SUSE-SA:2007:049

RHSA-2007:0722

RHSA-2007:0723

RHSA-2007:0724

20070720 rPSA-2007-0148-1 firefox thunderbird

20070724 FLEA-2007-0033-1: firefox thunderbird

24946

1018410

USN-490-1

ADV-2007-2564

ADV-2007-4256

mozilla-addeventlistener-settimeout-xss(35462)

oval:org.mitre.oval:def:11749

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.