CVE-2007-2871

Advisory lineage Upstream: 0 Downstream: 9

Downstream

DSA-1300-1 DSA-1306-1 DSA-1308-1 DTSA-45-1 DTSA-47-1 DTSA-51-1

Modified

Published: 01 Jun 2007, 00:00

Last modified:07 Aug 2024, 13:57

Vulnerability Summary

Overall Risk (default)

low

21/100

CVSS Score

4.3 MEDIUM

v2.0 (nvd)

EPSS Score

16.95% MEDIUM

17% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 Jun 2007, 00:00

Published

Vulnerability first disclosed

07 Aug 2024, 13:57

Last Modified

Vulnerability information updated

Description

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.

CVSS Metrics

v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 16.95%• Percentile: 95%

Affected Systems

mozilla•firefox
1.5 | 1.5.0.1 | 1.5.0.2 | 1.5.0.3 | 1.5.0.4 | 1.5.0.5 | 1.5.0.6 | 1.5.0.7 | 1.5.0.8 | 1.5.0.9 | 1.5.0.10 | 1.5.0.11 | 2.0 | 2.0.0.1 | 2.0.0.2 | 2.0.0.3
mozilla•seamonkey
1.0.9 | 1.1.2