Rapid7 Vulnerability & Exploit Database

MFSA2007-09 Firefox: Privilege escalation by setting img.src to javascript: URI (CVE-2007-0994)

Back to Search

MFSA2007-09 Firefox: Privilege escalation by setting img.src to javascript: URI (CVE-2007-0994)

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
03/05/2007
Created
07/25/2018
Added
06/14/2012
Modified
05/09/2019

Description

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

Solution(s)

  • mozilla-firefox-upgrade-1_5_0_10
  • mozilla-firefox-upgrade-2_0_0_2

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;