CVE-2007-2870

Advisory lineage Upstream: 0 Downstream: 8

Downstream

DSA-1300-1 DSA-1306-1 DSA-1308-1 DTSA-45-1 DTSA-47-1 DTSA-51-1

Modified

Published: 01 Jun 2007, 00:00

Last modified:07 Aug 2024, 13:57

Vulnerability Summary

Overall Risk (default)

low

19/100

CVSS Score

4.3 MEDIUM

v2.0 (nvd)

EPSS Score

8.29% LOW

8% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 Jun 2007, 00:00

Published

Vulnerability first disclosed

07 Aug 2024, 13:57

Last Modified

Vulnerability information updated

Description

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.

CVSS Metrics

v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 8.29%• Percentile: 92%

Affected Systems

Unknown•Firefox
1.5 | 1.5.0.1 | 1.5.0.2 | 1.5.0.3 | 1.5.0.4 | 1.5.0.5 | 1.5.0.6 | 1.5.0.7 | 1.5.0.8 | 1.5.0.9 | 1.5.0.10 | 1.5.0.11 | 2.0 | 2.0.0.1 | 2.0.0.2 | 2.0.0.3
mozilla•seamonkey
1.0.9 | 1.1.2