Vulnerability Description
Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.
CVSS Score
6.8
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wizz Computers | Wizz Rss Reader | <= 2.1.8 |
References
- http://osvdb.org/34534
- http://secunia.com/advisories/24913
- http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsef
- http://www.kb.cert.org/vuls/id/319464PatchUS Government Resource
- http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T
- http://www.securityfocus.com/bid/23523
- http://www.vupen.com/english/advisories/2007/1425
- https://addons.mozilla.org/en-US/firefox/addon/424
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33693
- http://osvdb.org/34534
- http://secunia.com/advisories/24913
- http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsef
- http://www.kb.cert.org/vuls/id/319464PatchUS Government Resource
- http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T
- http://www.securityfocus.com/bid/23523
FAQ
What is CVE-2007-2060?
CVE-2007-2060 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.
How severe is CVE-2007-2060?
CVE-2007-2060 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2060?
Check the references section above for vendor advisories and patch information. Affected products include: Wizz Computers Wizz Rss Reader.