Home > Vulnerability Database > CVE-2007-0996

Mend.io Vulnerability Database

CVE-2007-0996

Date: February 26, 2007

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

Severity Score

4.8

Related Resources (44)

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086

Url: http://secunia.com/advisories/24290

Url: http://www.securityfocus.com/bid/22694

Url: http://fedoranews.org/cms/node/2728

Url: https://issues.rpath.com/browse/RPL-1103

Url: http://www.mozilla.org/security/announce/2007/mfsa2007-02.html

Url: http://www.hardened-php.net/advisory_032007.142.html

Url: ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

Url: http://secunia.com/advisories/24328

Url: http://secunia.com/advisories/24205

Url: http://www.securityfocus.com/archive/1/461076/100/0/threaded

Url: http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

Url: http://secunia.com/advisories/24320

Url: http://secunia.com/advisories/24342

Url: http://secunia.com/advisories/24287

Url: http://www.redhat.com/support/errata/RHSA-2007-0079.html

Url: http://secunia.com/advisories/24384

Url: http://www.ubuntu.com/usn/usn-428-1

Url: http://osvdb.org/33812

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

Url: http://secunia.com/advisories/24343

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Url: http://www.securityfocus.com/archive/1/461336/100/0/threaded

Url: http://fedoranews.org/cms/node/2713

Url: https://access.redhat.com/security/cve/CVE-2007-0996

Url: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

Url: ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-0996

Url: http://www.debian.org/security/2007/dsa-1336

Url: http://www.securitytracker.com/id?1017702

Url: http://www.redhat.com/support/errata/RHSA-2007-0078.html

Url: http://secunia.com/advisories/24457

Url: http://rhn.redhat.com/errata/RHSA-2007-0077.html

Url: http://www.redhat.com/support/errata/RHSA-2007-0108.html

Url: http://www.vupen.com/english/advisories/2007/0718

Url: http://secunia.com/advisories/24650

Url: http://www.redhat.com/support/errata/RHSA-2007-0097.html

Url: http://secunia.com/advisories/24395

Url: http://secunia.com/advisories/25588

Url: http://secunia.com/advisories/24455

Url: http://secunia.com/advisories/24333

Url: https://www.mend.io/vulnerability-database/CVE-2007-0996

Severity Score

4.8

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-0996

Date: February 26, 2007

Severity Score

Related Resources (44)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?