Configuration

CVE-2007-5338

High

9.3/10

Summary

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: COMPLETE
Confidentiality Impact: COMPLETE
Availability Impact: COMPLETE

CWE-16 - Configuration

Weaknesses in this category are typically introduced during the configuration of the software.

References

Advisory Timeline

Published Oct 21, 2007

Configuration

CVE-2007-5338

Summary

CWE-16 - Configuration

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS