CVE-2007-2060

Published Apr 18, 2007

Last updated 7 years ago

Overview

Description: Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wizz_computers:wizz_rss_reader:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68FDED1D-8340-4E6B-9B9F-F9A96BA2BFBC",
            "versionEndIncluding": "2.1.8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2007-2060
http://osvdb.org/34534
http://secunia.com/advisories/24913
http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/
http://www.kb.cert.org/vuls/id/319464
http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T
http://www.securityfocus.com/bid/23523
http://www.vupen.com/english/advisories/2007/1425
https://addons.mozilla.org/en-US/firefox/addon/424
https://exchange.xforce.ibmcloud.com/vulnerabilities/33693

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References