Unrated severityNVD Advisory· Published Feb 26, 2007· Updated Apr 23, 2026

CVE-2007-0995

Description

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

Affected products

Mozilla Corporation/Firefox3 versions
cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
Mozilla Corporation/Seamonkey
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Range: <=1.0.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.mozilla.org/security/announce/2007/mfsa2007-02.htmlnvdPatchVendor Advisory
patches.sgi.com/support/free/security/advisories/20070202-01-P.ascnvd
patches.sgi.com/support/free/security/advisories/20070301-01-P.ascnvd
fedoranews.org/cms/node/2713nvd
fedoranews.org/cms/node/2728nvd
h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
ha.ckers.org/xss.htmlnvd
lists.suse.com/archive/suse-security-announce/2007-Mar/0001.htmlnvd
osvdb.org/32112nvd
rhn.redhat.com/errata/RHSA-2007-0077.htmlnvd
secunia.com/advisories/24205nvd
secunia.com/advisories/24238nvd
secunia.com/advisories/24287nvd
secunia.com/advisories/24290nvd
secunia.com/advisories/24293nvd
secunia.com/advisories/24320nvd
secunia.com/advisories/24328nvd
secunia.com/advisories/24333nvd
secunia.com/advisories/24342nvd
secunia.com/advisories/24343nvd
secunia.com/advisories/24384nvd
secunia.com/advisories/24393nvd
secunia.com/advisories/24395nvd
secunia.com/advisories/24437nvd
secunia.com/advisories/24455nvd
secunia.com/advisories/24457nvd
secunia.com/advisories/24650nvd
secunia.com/advisories/25588nvd
security.gentoo.org/glsa/glsa-200703-04.xmlnvd
slackware.com/security/viewer.phpnvd
slackware.com/security/viewer.phpnvd
www.debian.org/security/2007/dsa-1336nvd
www.gentoo.org/security/en/glsa/glsa-200703-08.xmlnvd
www.mandriva.com/security/advisoriesnvd
www.novell.com/linux/security/advisories/2007_22_mozilla.htmlnvd
www.osvdb.org/32111nvd
www.redhat.com/support/errata/RHSA-2007-0078.htmlnvd
www.redhat.com/support/errata/RHSA-2007-0079.htmlnvd
www.redhat.com/support/errata/RHSA-2007-0097.htmlnvd
www.redhat.com/support/errata/RHSA-2007-0108.htmlnvd
www.securityfocus.com/archive/1/461336/100/0/threadednvd
www.securityfocus.com/archive/1/461809/100/0/threadednvd
www.securityfocus.com/bid/22694nvd
www.securitytracker.com/idnvd
www.ubuntu.com/usn/usn-428-1nvd
www.vupen.com/english/advisories/2007/0718nvd
www.vupen.com/english/advisories/2008/0083nvd
issues.rpath.com/browse/RPL-1081nvd
issues.rpath.com/browse/RPL-1103nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000