CVE-2007-2870

CVSS v2.0 4.3 (Medium)

EPSS 36.80 % (97^th)

Affected Products 2

Advisories 7

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2007-06-01 00:30:00
(17 years ago)
Updated Date: 2018-10-16 16:46:12
(6 years ago)

Affected Products

Mozilla

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 1.5	cpe:2.3:a:mozilla:firefox:1.5
	Mozilla Firefox 1.5.0.1	cpe:2.3:a:mozilla:firefox:1.5.0.1
	Mozilla Firefox 1.5.0.2	cpe:2.3:a:mozilla:firefox:1.5.0.2
	Mozilla Firefox 1.5.0.3	cpe:2.3:a:mozilla:firefox:1.5.0.3
	Mozilla Firefox 1.5.0.4	cpe:2.3:a:mozilla:firefox:1.5.0.4
	Mozilla Firefox 1.5.0.5	cpe:2.3:a:mozilla:firefox:1.5.0.5
	Mozilla Firefox 1.5.0.6	cpe:2.3:a:mozilla:firefox:1.5.0.6
	Mozilla Firefox 1.5.0.7	cpe:2.3:a:mozilla:firefox:1.5.0.7
	Mozilla Firefox 1.5.0.8	cpe:2.3:a:mozilla:firefox:1.5.0.8
	Mozilla Firefox 1.5.0.9	cpe:2.3:a:mozilla:firefox:1.5.0.9
	Mozilla Firefox 1.5.0.10	cpe:2.3:a:mozilla:firefox:1.5.0.10
	Mozilla Firefox 1.5.0.11	cpe:2.3:a:mozilla:firefox:1.5.0.11
	Mozilla Firefox 2.0	cpe:2.3:a:mozilla:firefox:2.0
	Mozilla Firefox 2.0.0.1	cpe:2.3:a:mozilla:firefox:2.0.0.1
	Mozilla Firefox 2.0.0.2	cpe:2.3:a:mozilla:firefox:2.0.0.2
	Mozilla Firefox 2.0.0.3	cpe:2.3:a:mozilla:firefox:2.0.0.3
	Mozilla Seamonkey 1.0.9	cpe:2.3:a:mozilla:seamonkey:1.0.9
	Mozilla Seamonkey 1.1.2	cpe:2.3:a:mozilla:seamonkey:1.1.2