A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2007-03-06T00:00:00
Updated: 2017-10-10T00:57:01
Reserved: 2007-02-16T00:00:00
Link: CVE-2007-0994
JSON object: View
NVD Information
Status : Modified
Published: 2007-03-06T00:19:00.000
Modified: 2019-10-09T22:52:17.553
Link: CVE-2007-0994
JSON object: View
Redhat Information
No data.
CWE