First published: Tue Mar 06 2007(Updated: )
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | >=1.5<1.5.0.10 | |
Mozilla Firefox | >=2.0<2.0.0.2 | |
Mozilla SeaMonkey | >=1.1<1.1.1 | |
Mozilla SeaMonkey | >=1.0<1.0.8 | |
Debian Debian Linux | =3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.