[Japanese]
|
JVNDB-2007-000176
|
Mozilla Firefox cross-site scripting vulnerability
|
Mozilla Firefox, web browser from Mozilla Corporation and Mozilla Japan, contains a cross-site scripting vulnerability.
Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability.
|
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
mozilla.org contributors
- Mozilla Firefox prior to version 2.0.0.2
- Mozilla Firefox prior to version 1.5.0.10
- Mozilla SeaMonkey prior to version 1.0.7
Turbolinux, Inc.
- Turbolinux 10_f
- Turbolinux Desktop 10
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux Server 10
- Turbolinux Server 10 (x64)
- Turbolinux Home
Hewlett-Packard Development Company, L.P
MIRACLE LINUX CORPORATION
- Asianux Server 2.0
- Asianux Server 2.1
- Asianux Server 4.0
- Asianux Server 4.0 (x86-64)
Red Hat, Inc.
- RHEL Optional Productivity Applications 5 (server)
- Red Hat Enterprise Linux 5 (server)
- Red Hat Enterprise Linux 2.1 (as)
- Red Hat Enterprise Linux 3 (as)
- Red Hat Enterprise Linux 4 (as)
- Red Hat Enterprise Linux 2.1 (es)
- Red Hat Enterprise Linux 3 (es)
- Red Hat Enterprise Linux 4 (es)
- Red Hat Enterprise Linux 2.1 (ws)
- Red Hat Enterprise Linux 3 (ws)
- Red Hat Enterprise Linux 4 (ws)
- Red Hat Enterprise Linux Desktop 3.0
- Red Hat Enterprise Linux Desktop 4.0
- Red Hat Enterprise Linux Desktop 5.0 (client)
- Red Hat Linux Advanced Workstation 2.1
- RHEL Desktop Workstation 5 (client)
|
|
An arbitrary script may be executed on the user's web browser.
|
[Upgrade the Software]
Mozilla has released Firefox 2.0.0.2 and 1.5.0.10 which address this vulnerability. We recommend that users of the affected products upgrade to the fixed version of the software.
|
mozilla.org contributors
Turbolinux, Inc.
Hewlett-Packard Development Company, L.P
MIRACLE LINUX CORPORATION
Red Hat, Inc.
|
|
- CVE-2007-0995
|
- JVN : JVN#38605899
- National Vulnerability Database (NVD) : CVE-2007-0995
- Secunia Advisory : SA24205
- Secunia Advisory : SA24238
- SecurityFocus : 22694
- FrSIRT Advisories : FrSIRT/ADV-2007-0718
|
- [2008/05/21]
Web page published
|