Unrated severityNVD Advisory· Published Feb 27, 2007· Updated Jun 16, 2026
CVE-2007-0996
CVE-2007-0996
Description
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
32cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
- (no CPE)range: <1.5.0.10 for 1.x; <2.0.0.2 for 2.x
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
- (no CPE)range: <1.0.8
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
Patches
Vulnerability mechanics
References
41- www.mozilla.org/security/announce/2007/mfsa2007-02.htmlnvdPatchVendor Advisory
- www.hardened-php.net/advisory_032007.142.htmlnvdVendor Advisory
- patches.sgi.com/support/free/security/advisories/20070202-01-P.ascnvd
- patches.sgi.com/support/free/security/advisories/20070301-01-P.ascnvd
- fedoranews.org/cms/node/2713nvd
- fedoranews.org/cms/node/2728nvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- lists.suse.com/archive/suse-security-announce/2007-Mar/0001.htmlnvd
- osvdb.org/33812nvd
- rhn.redhat.com/errata/RHSA-2007-0077.htmlnvd
- secunia.com/advisories/24205nvd
- secunia.com/advisories/24287nvd
- secunia.com/advisories/24290nvd
- secunia.com/advisories/24320nvd
- secunia.com/advisories/24328nvd
- secunia.com/advisories/24333nvd
- secunia.com/advisories/24342nvd
- secunia.com/advisories/24343nvd
- secunia.com/advisories/24384nvd
- secunia.com/advisories/24395nvd
- secunia.com/advisories/24455nvd
- secunia.com/advisories/24457nvd
- secunia.com/advisories/24650nvd
- secunia.com/advisories/25588nvd
- slackware.com/security/viewer.phpnvd
- slackware.com/security/viewer.phpnvd
- www.debian.org/security/2007/dsa-1336nvd
- www.mandriva.com/security/advisoriesnvd
- www.novell.com/linux/security/advisories/2007_22_mozilla.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0078.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0079.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0097.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0108.htmlnvd
- www.securityfocus.com/archive/1/461076/100/0/threadednvd
- www.securityfocus.com/archive/1/461336/100/0/threadednvd
- www.securityfocus.com/bid/22694nvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-428-1nvd
- www.vupen.com/english/advisories/2007/0718nvd
- issues.rpath.com/browse/RPL-1103nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086nvd
News mentions
0No linked articles in our index yet.