6.8

CVE-2007-1878

Exploit

EPSS 1.82%
Veröffentlicht 06.04.2007 00:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function, related to lack of HTML escaping in the property name.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Parakey Inc. ≫ Firebug Version1.01

Parakey Inc. ≫ Firebug Version1.02

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.82%	0.823

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://larholm.com/2007/04/06/0day-vulnerability-in-firebug/

http://secunia.com/advisories/24743

Vendor Advisory

http://securityreason.com/securityalert/2525

http://www.getfirebug.com/blog/2007/04/04/security-update/

Patch

http://www.gnucitizen.org/blog/firebug-goes-evil

Exploit

http://www.securityfocus.com/archive/1/464740/100/0/threaded

http://www.securityfocus.com/archive/1/464786/100/0/threaded

http://www.securityfocus.com/bid/23315

Exploit

http://www.vupen.com/english/advisories/2007/1272

https://exchange.xforce.ibmcloud.com/vulnerabilities/33451

https://nvd.nist.gov/vuln/detail/CVE-2007-1878

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1878

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1878

EUVD