CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-2870

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.075

EPSS Ranking 91.4%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2007-2870

Mozilla » Firefox » Version: 1.5

cpe:2.3:a:mozilla:firefox:1.5
Mozilla » Firefox » Version: 1.5.0.1

cpe:2.3:a:mozilla:firefox:1.5.0.1
Mozilla » Firefox » Version: 1.5.0.10

cpe:2.3:a:mozilla:firefox:1.5.0.10
Mozilla » Firefox » Version: 1.5.0.11

cpe:2.3:a:mozilla:firefox:1.5.0.11
Mozilla » Firefox » Version: 1.5.0.2

cpe:2.3:a:mozilla:firefox:1.5.0.2
Mozilla » Firefox » Version: 1.5.0.3

cpe:2.3:a:mozilla:firefox:1.5.0.3
Mozilla » Firefox » Version: 1.5.0.4

cpe:2.3:a:mozilla:firefox:1.5.0.4
Mozilla » Firefox » Version: 1.5.0.5

cpe:2.3:a:mozilla:firefox:1.5.0.5
Mozilla » Firefox » Version: 1.5.0.6

cpe:2.3:a:mozilla:firefox:1.5.0.6
Mozilla » Firefox » Version: 1.5.0.7

cpe:2.3:a:mozilla:firefox:1.5.0.7
Mozilla » Firefox » Version: 1.5.0.8

cpe:2.3:a:mozilla:firefox:1.5.0.8
Mozilla » Firefox » Version: 1.5.0.9

cpe:2.3:a:mozilla:firefox:1.5.0.9
Mozilla » Firefox » Version: 2.0

cpe:2.3:a:mozilla:firefox:2.0
Mozilla » Firefox » Version: 2.0.0.1

cpe:2.3:a:mozilla:firefox:2.0.0.1
Mozilla » Firefox » Version: 2.0.0.2

cpe:2.3:a:mozilla:firefox:2.0.0.2
Mozilla » Firefox » Version: 2.0.0.3

cpe:2.3:a:mozilla:firefox:2.0.0.3
Mozilla » Seamonkey » Version: 1.0.9

cpe:2.3:a:mozilla:seamonkey:1.0.9
Mozilla » Seamonkey » Version: 1.1.2

cpe:2.3:a:mozilla:seamonkey:1.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-2870

Products

Pricing

Contact Us