CVE-2007-0996

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

Published: Feb 27, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-0996
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / seamonkey	1.0.3	1.0.3.x
mozilla / firefox	1.5-beta2	1.5-beta2.x
mozilla / seamonkey	1.0.1	1.0.1.x
mozilla / seamonkey	1.0.6	1.0.6.x
mozilla / firefox	1.5.0.6	1.5.0.6.x
mozilla / firefox	1.5.0.3	1.5.0.3.x
mozilla / seamonkey	1.0	1.0.x
mozilla / seamonkey	1.0.7	1.0.7.x
mozilla / seamonkey	1.0-beta	1.0-beta.x
mozilla / firefox	1.5-beta1	1.5-beta1.x
mozilla / firefox	1.5	1.5.x
mozilla / seamonkey	1.0.2	1.0.2.x
mozilla / firefox	1.5.0.7	1.5.0.7.x
mozilla / firefox	2.0	2.0.x
mozilla / seamonkey	1.0.5	1.0.5.x
mozilla / firefox	1.5.0.8	1.5.0.8.x
mozilla / firefox	1.5.0.9	1.5.0.9.x
mozilla / firefox	1.5.0.5	1.5.0.5.x
mozilla / firefox	1.5.0.2	1.5.0.2.x
mozilla / firefox	2.0-rc2	2.0-rc2.x
mozilla / firefox	2.0.0.1	2.0.0.1.x
mozilla / seamonkey	1.0.4	1.0.4.x
mozilla / firefox	2.0-beta_1	2.0-beta_1.x
mozilla / firefox	1.5.0.4	1.5.0.4.x
mozilla / firefox	1.5.0.1	1.5.0.1.x
mozilla / firefox	2.0-rc3	2.0-rc3.x

Vulnerability Database

289,871

CVE-2007-0996