CVE Vulnerability

CVE-2007-1947

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878.

3.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://larholm.com/2007/04/06/more-0day-in-firebug/ Vendor Advisory
http://larholm.com/2007/04/06/more-0day-in-firebug/#comment-6 Patch Vendor Advisory
http://www.securityfocus.com/archive/1/464875/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:parakey_inc.:firebug:*:*:*:*:*:*:*:*
Information

Published : 2007-04-11 01:19

Updated : 2018-10-16 04:41

NVD link : CVE-2007-1947

Mitre link : CVE-2007-1947

Products Affected
No products.
CWE
NVD-CWE-Other