NVD

Id
54048  
Name
CVE-2007-1878  
Description
Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function, related to lack of HTML escaping in the property name.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2007-04-05  
Modified Date
2011-03-07  
Seq
2007-1878  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
274128 54048 CVE-2007-1878 http://larholm.com/2007/04/06/0day-vulnerability-in-firebug/  View
274129 54048 CVE-2007-1878 2525  View
274130 54048 CVE-2007-1878 http://www.getfirebug.com/blog/2007/04/04/security-update/  View
274131 54048 CVE-2007-1878 http://www.gnucitizen.org/blog/firebug-goes-evil  View
274132 54048 CVE-2007-1878 20070404 Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug  View
274133 54048 CVE-2007-1878 20070404 Re: [WEB SECURITY] Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug  View
274134 54048 CVE-2007-1878 23315  View
274135 54048 CVE-2007-1878 ADV-2007-1272  View
274136 54048 CVE-2007-1878 firefox-firebug-console-security-bypass(33451)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
54949 JVNDB-2007-003641 Mozilla Firefox 用の Firebug エクステンションにおけるクロスゾーンスクリプティングの脆弱性 Mozilla Firefox 用の Firebug エクステンションの console.log 関数で使用される DOM テンプレート (domplates) は、プロパティ名内に HTML エスケープに関する不備があるため、クロスゾーンスクリプティングの脆弱性が存在します。 CVE-2007-1878 25233 CVE-2007-1878 54048 6.8 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-003641.html 2007-04-05 2012-09-25 View