Unrated severityNVD Advisory· Published Jul 18, 2007· Updated Jun 16, 2026
CVE-2007-3736
CVE-2007-3736
Description
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
- (no CPE)range: <2.0.0.5
- osv-coords3 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 2 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
- (no CPE)range: < 91.1.1-1.1
Patches
Vulnerability mechanics
References
43- secunia.com/advisories/26095nvdPatchVendor Advisory
- ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txtnvd
- patches.sgi.com/support/free/security/advisories/20070701-01-P.ascnvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- secunia.com/advisories/25589nvd
- secunia.com/advisories/26072nvd
- secunia.com/advisories/26103nvd
- secunia.com/advisories/26106nvd
- secunia.com/advisories/26107nvd
- secunia.com/advisories/26149nvd
- secunia.com/advisories/26151nvd
- secunia.com/advisories/26159nvd
- secunia.com/advisories/26179nvd
- secunia.com/advisories/26204nvd
- secunia.com/advisories/26205nvd
- secunia.com/advisories/26211nvd
- secunia.com/advisories/26216nvd
- secunia.com/advisories/26258nvd
- secunia.com/advisories/26271nvd
- secunia.com/advisories/26460nvd
- secunia.com/advisories/28135nvd
- sunsolve.sun.com/search/document.donvd
- sunsolve.sun.com/search/document.donvd
- support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.htmlnvd
- www.debian.org/security/2007/dsa-1337nvd
- www.debian.org/security/2007/dsa-1338nvd
- www.debian.org/security/2007/dsa-1339nvd
- www.gentoo.org/security/en/glsa/glsa-200708-09.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.mozilla.org/security/announce/2007/mfsa2007-19.htmlnvd
- www.novell.com/linux/security/advisories/2007_49_mozilla.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0722.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0723.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0724.htmlnvd
- www.securityfocus.com/archive/1/474226/100/0/threadednvd
- www.securityfocus.com/archive/1/474542/100/0/threadednvd
- www.securityfocus.com/bid/24946nvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-490-1nvd
- www.vupen.com/english/advisories/2007/2564nvd
- www.vupen.com/english/advisories/2007/4256nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/35462nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11749nvd
News mentions
0No linked articles in our index yet.