CVE - CVE-2007-2870

CVE-ID
CVE-2007-2870	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1018160 URL:http://www.securitytracker.com/id?1018160 MISC:1018161 URL:http://www.securitytracker.com/id?1018161 MISC:20070531 FLEA-2007-0023-1: firefox URL:http://www.securityfocus.com/archive/1/470172/100/200/threaded MISC:24242 URL:http://www.securityfocus.com/bid/24242 MISC:25469 URL:http://secunia.com/advisories/25469 MISC:25476 URL:http://secunia.com/advisories/25476 MISC:25488 URL:http://secunia.com/advisories/25488 MISC:25490 URL:http://secunia.com/advisories/25490 MISC:25491 URL:http://secunia.com/advisories/25491 MISC:25533 URL:http://secunia.com/advisories/25533 MISC:25534 URL:http://secunia.com/advisories/25534 MISC:25559 URL:http://secunia.com/advisories/25559 MISC:25635 URL:http://secunia.com/advisories/25635 MISC:25647 URL:http://secunia.com/advisories/25647 MISC:25685 URL:http://secunia.com/advisories/25685 MISC:25750 URL:http://secunia.com/advisories/25750 MISC:25858 URL:http://secunia.com/advisories/25858 MISC:35136 URL:~~http://osvdb.org/35136~~ (Obsolete source) MISC:ADV-2007-1994 URL:~~http://www.vupen.com/english/advisories/2007/1994~~ (Obsolete source) MISC:DSA-1300 URL:http://www.debian.org/security/2007/dsa-1300 MISC:DSA-1306 URL:http://www.debian.org/security/2007/dsa-1306 MISC:DSA-1308 URL:http://www.debian.org/security/2007/dsa-1308 MISC:GLSA-200706-06 URL:http://security.gentoo.org/glsa/glsa-200706-06.xml MISC:HPSBUX02153 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MISC:MDKSA-2007:120 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:120~~ (Obsolete source) MISC:MDKSA-2007:126 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:126~~ (Obsolete source) MISC:RHSA-2007:0400 URL:http://www.redhat.com/support/errata/RHSA-2007-0400.html MISC:RHSA-2007:0402 URL:http://www.redhat.com/support/errata/RHSA-2007-0402.html MISC:SSA:2007-152-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 MISC:SSRT061181 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MISC:SUSE-SA:2007:036 URL:http://www.novell.com/linux/security/advisories/2007_36_mozilla.html MISC:TA07-151A URL:http://www.us-cert.gov/cas/techalerts/TA07-151A.html MISC:USN-468-1 URL:http://www.ubuntu.com/usn/usn-468-1 MISC:http://www.mozilla.org/security/announce/2007/mfsa2007-16.html URL:http://www.mozilla.org/security/announce/2007/mfsa2007-16.html MISC:https://issues.rpath.com/browse/RPL-1424 URL:https://issues.rpath.com/browse/RPL-1424 MISC:mozilla-addeventlistener-xss(34614) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34614 MISC:oval:org.mitre.oval:def:9547 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9547
Assigning CNA
Red Hat, Inc.
Date Record Created
20070529	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070529)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE™ List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2025, The MITRE Corporation. CVE is a trademark and the CVE logo is a registered trademark of The MITRE Corporation.