CVE-2007-5338

Severity

93%

Complexity

86%

Confidentiality

165%

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Mozilla

First reported 17 years ago

2007-10-21 20:17:00

Last updated 6 years ago

2018-10-15 21:43:00

Affected Software

Mozilla Firefox

Mozilla SeaMonkey

References

HPSBUX02153

27276

Vendor Advisory

27298

Vendor Advisory

27311

Vendor Advisory

27315

Vendor Advisory

27325

Vendor Advisory

27327

Vendor Advisory

27335

Vendor Advisory

27336

Vendor Advisory

27356

Vendor Advisory

27360

Vendor Advisory

27383

Vendor Advisory

27387

Vendor Advisory

27403

Vendor Advisory

27414

Vendor Advisory

27425

Vendor Advisory

27480

Vendor Advisory

27665

Vendor Advisory

27680

Vendor Advisory

28398

Vendor Advisory

1018836

201516

http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

DSA-1392

DSA-1396

DSA-1401

GLSA-200711-14

MDKSA-2007:202

http://www.mozilla.org/security/announce/2007/mfsa2007-35.html

Patch

SUSE-SA:2007:057

RHSA-2007:0979

RHSA-2007:0980

Vendor Advisory

RHSA-2007:0981

Vendor Advisory

20071026 rPSA-2007-0225-1 firefox

20071029 FLEA-2007-0062-1 firefox

20071029 rPSA-2007-0225-2 firefox thunderbird

26132

USN-536-1

ADV-2007-3544

Vendor Advisory

ADV-2007-3587

Vendor Advisory

ADV-2008-0083

Vendor Advisory

mozilla-xpcnativewrapper-code-execution(37288)

https://issues.rpath.com/browse/RPL-1858

oval:org.mitre.oval:def:10965

USN-535-1

FEDORA-2007-3431

FEDORA-2007-2601

FEDORA-2007-2664

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.