CVE-2007-5338

CVSS v2.0 9.3 (High)

EPSS 1.59 % (88^th)

Affected Products 2

Advisories 8

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.

Weaknesses

CWE-16: Configuration
CWE-264: Permissions, Privileges, and Access Controls

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2007-10-21 20:17:00
(17 years ago)
Updated Date: 2018-10-15 21:43:11
(6 years ago)

Affected Products

Mozilla

Firefox
Seamonkey

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 2.0.0.7 and prior versions	cpe:2.3:a:mozilla:firefox		<= 2.0.0.7
	Mozilla Seamonkey 1.1.4 and prior versions	cpe:2.3:a:mozilla:seamonkey		<= 1.1.4