CVE-2007-0996

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

Link	Resource
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html	Patch Vendor Advisory
http://www.hardened-php.net/advisory_032007.142.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0079.html
https://issues.rpath.com/browse/RPL-1103
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://www.ubuntu.com/usn/usn-428-1
http://www.securityfocus.com/bid/22694
http://www.securitytracker.com/id?1017702
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24205
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24343
http://secunia.com/advisories/24320
http://secunia.com/advisories/24395
http://secunia.com/advisories/24384
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://secunia.com/advisories/24650
http://www.debian.org/security/2007/dsa-1336
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://secunia.com/advisories/24455
http://secunia.com/advisories/24457
http://secunia.com/advisories/24342
http://secunia.com/advisories/25588
http://osvdb.org/33812
http://www.vupen.com/english/advisories/2007/0718
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/461076/100/0/threaded

Configuration 1

cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*

---

Published : 2007-02-27 02:28

Updated : 2018-10-16 04:36

---

NVD link : CVE-2007-0996

Mitre link : CVE-2007-0996

No products.

NVD-CWE-Other