CVE - CVE-2007-5338

CVE-ID
CVE-2007-5338	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1018836 URL:http://securitytracker.com/id?1018836 MISC:20071026 rPSA-2007-0225-1 firefox URL:http://www.securityfocus.com/archive/1/482876/100/200/threaded MISC:20071029 FLEA-2007-0062-1 firefox URL:http://www.securityfocus.com/archive/1/482925/100/0/threaded MISC:20071029 rPSA-2007-0225-2 firefox thunderbird URL:http://www.securityfocus.com/archive/1/482932/100/200/threaded MISC:201516 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1~~ (Obsolete source) MISC:26132 URL:http://www.securityfocus.com/bid/26132 MISC:27276 URL:http://secunia.com/advisories/27276 MISC:27298 URL:http://secunia.com/advisories/27298 MISC:27311 URL:http://secunia.com/advisories/27311 MISC:27315 URL:http://secunia.com/advisories/27315 MISC:27325 URL:http://secunia.com/advisories/27325 MISC:27327 URL:http://secunia.com/advisories/27327 MISC:27335 URL:http://secunia.com/advisories/27335 MISC:27336 URL:http://secunia.com/advisories/27336 MISC:27356 URL:http://secunia.com/advisories/27356 MISC:27360 URL:http://secunia.com/advisories/27360 MISC:27383 URL:http://secunia.com/advisories/27383 MISC:27387 URL:http://secunia.com/advisories/27387 MISC:27403 URL:http://secunia.com/advisories/27403 MISC:27414 URL:http://secunia.com/advisories/27414 MISC:27425 URL:http://secunia.com/advisories/27425 MISC:27480 URL:http://secunia.com/advisories/27480 MISC:27665 URL:http://secunia.com/advisories/27665 MISC:27680 URL:http://secunia.com/advisories/27680 MISC:28398 URL:http://secunia.com/advisories/28398 MISC:ADV-2007-3544 URL:~~http://www.vupen.com/english/advisories/2007/3544~~ (Obsolete source) MISC:ADV-2007-3587 URL:~~http://www.vupen.com/english/advisories/2007/3587~~ (Obsolete source) MISC:ADV-2008-0083 URL:~~http://www.vupen.com/english/advisories/2008/0083~~ (Obsolete source) MISC:DSA-1392 URL:http://www.debian.org/security/2007/dsa-1392 MISC:DSA-1396 URL:http://www.debian.org/security/2007/dsa-1396 MISC:DSA-1401 URL:http://www.debian.org/security/2007/dsa-1401 MISC:FEDORA-2007-2601 URL:https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html MISC:FEDORA-2007-2664 URL:https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html MISC:FEDORA-2007-3431 URL:https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html MISC:GLSA-200711-14 URL:http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml MISC:HPSBUX02153 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MISC:MDKSA-2007:202 URL:~~http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202~~ (Obsolete source) MISC:RHSA-2007:0979 URL:http://www.redhat.com/support/errata/RHSA-2007-0979.html MISC:RHSA-2007:0980 URL:http://www.redhat.com/support/errata/RHSA-2007-0980.html MISC:RHSA-2007:0981 URL:http://www.redhat.com/support/errata/RHSA-2007-0981.html MISC:SSRT061181 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MISC:SUSE-SA:2007:057 URL:http://www.novell.com/linux/security/advisories/2007_57_mozilla.html MISC:USN-535-1 URL:https://usn.ubuntu.com/535-1/ MISC:USN-536-1 URL:http://www.ubuntu.com/usn/usn-536-1 MISC:http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html URL:http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html MISC:http://www.mozilla.org/security/announce/2007/mfsa2007-35.html URL:http://www.mozilla.org/security/announce/2007/mfsa2007-35.html MISC:https://issues.rpath.com/browse/RPL-1858 URL:https://issues.rpath.com/browse/RPL-1858 MISC:mozilla-xpcnativewrapper-code-execution(37288) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/37288 MISC:oval:org.mitre.oval:def:10965 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10965
Assigning CNA
Red Hat, Inc.
Date Record Created
20071010	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071010)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)