CVE-2007-2060

Sažetak

Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.

Reference

http://osvdb.org/34534
http://secunia.com/advisories/24913
http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/
http://www.kb.cert.org/vuls/id/319464
http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T
http://www.securityfocus.com/bid/23523
http://www.vupen.com/english/advisories/2007/1425
https://addons.mozilla.org/en-US/firefox/addon/424
https://exchange.xforce.ibmcloud.com/vulnerabilities/33693

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-07-2017 - 01:31

Objavljeno

18-04-2007 - 03:19