Vulnerability CVE-2007-2060


Published: 2007-04-17   Modified: 2012-02-12

Description:
Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Wizz computers -> Wizz rss reader 

 References:
http://www.kb.cert.org/vuls/id/319464
https://addons.mozilla.org/en-US/firefox/addon/424
http://www.vupen.com/english/advisories/2007/1425
http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T
http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/
http://osvdb.org/34534
http://xforce.iss.net/xforce/xfdb/33693
http://www.securityfocus.com/bid/23523
http://secunia.com/advisories/24913

Copyright 2024, cxsecurity.com

 

Back to Top