Debian : Security Vulnerabilities, CVEs, Published In March 2007
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.
Max CVSS
6.8
EPSS Score
3.47%
Published
2007-03-06
Updated
2019-10-09
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
Max CVSS
6.6
EPSS Score
0.04%
Published
2007-03-03
Updated
2017-07-29
2 vulnerabilities found