Vulnerability Description
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 1.5 |
| Mozilla | Seamonkey | 1.0 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
- ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
- http://fedoranews.org/cms/node/2713
- http://fedoranews.org/cms/node/2728
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
- http://osvdb.org/33812
- http://rhn.redhat.com/errata/RHSA-2007-0077.html
- http://secunia.com/advisories/24205
- http://secunia.com/advisories/24287
- http://secunia.com/advisories/24290
- http://secunia.com/advisories/24320
- http://secunia.com/advisories/24328
- http://secunia.com/advisories/24333
- http://secunia.com/advisories/24342
FAQ
What is CVE-2007-0996?
CVE-2007-0996 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cros...
How severe is CVE-2007-0996?
CVE-2007-0996 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0996?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey.