CVE-2007-1878

Exploit

EPSS 5.04%
Veröffentlicht 06.04.2007 00:19:00
Zuletzt bearbeitet 16.06.2026 22:38:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function, related to lack of HTML escaping in the property name.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Parakey Inc. ≫ Firebug Version1.01

Parakey Inc. ≫ Firebug Version1.02

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.04%	0.912

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://larholm.com/2007/04/06/0day-vulnerability-in-firebug/

http://secunia.com/advisories/24743

Vendor Advisory

http://securityreason.com/securityalert/2525

http://www.getfirebug.com/blog/2007/04/04/security-update/

Patch

http://www.gnucitizen.org/blog/firebug-goes-evil

Exploit

http://www.securityfocus.com/archive/1/464740/100/0/threaded

http://www.securityfocus.com/archive/1/464786/100/0/threaded

http://www.securityfocus.com/bid/23315

Exploit

http://www.vupen.com/english/advisories/2007/1272

https://exchange.xforce.ibmcloud.com/vulnerabilities/33451

https://nvd.nist.gov/vuln/detail/CVE-2007-1878

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1878

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1878

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2007-1878