Vulnerability Description
Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."
CVSS Score
9.3
HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 2.0 |
References
- ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
- ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://secunia.com/advisories/25589
- http://secunia.com/advisories/26072
- http://secunia.com/advisories/26095PatchVendor Advisory
- http://secunia.com/advisories/26103
- http://secunia.com/advisories/26106
- http://secunia.com/advisories/26107
- http://secunia.com/advisories/26149
- http://secunia.com/advisories/26151
- http://secunia.com/advisories/26159
- http://secunia.com/advisories/26179
- http://secunia.com/advisories/26204
- http://secunia.com/advisories/26205
FAQ
What is CVE-2007-3737?
CVE-2007-3737 is a vulnerability with a CVSS score of 9.3 (HIGH). Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."
How severe is CVE-2007-3737?
CVE-2007-3737 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3737?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.