Vulnerability Details CVE-2007-2060
Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.047
EPSS Ranking 89.0%
CVSS Severity
CVSS v2 Score 6.8
References
- http://osvdb.org/34534
- http://secunia.com/advisories/24913
- http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/
- http://www.kb.cert.org/vuls/id/319464
- http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T
- http://www.securityfocus.com/bid/23523
- http://www.vupen.com/english/advisories/2007/1425
- https://addons.mozilla.org/en-US/firefox/addon/424
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33693
- http://osvdb.org/34534
- http://secunia.com/advisories/24913
- http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/
- http://www.kb.cert.org/vuls/id/319464
- http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T
- http://www.securityfocus.com/bid/23523
- http://www.vupen.com/english/advisories/2007/1425
- https://addons.mozilla.org/en-US/firefox/addon/424
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33693
Products affected by CVE-2007-2060
-
cpe:2.3:a:wizz_computers:wizz_rss_reader:*