Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2007-5338

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.

  • Published: Oct 21, 2007
  • Updated: Nov 9, 2025
  • CVE: CVE-2007-5338
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

OWASP TOP 10:

Software From Fixed in
mozilla / seamonkey - 1.1.4.x
mozilla / firefox - 2.0.0.7.x