CVE-2007-2870

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	1.5 (including)	1.5 (including)
Firefox	Mozilla	1.5.0.1 (including)	1.5.0.1 (including)
Firefox	Mozilla	1.5.0.2 (including)	1.5.0.2 (including)
Firefox	Mozilla	1.5.0.3 (including)	1.5.0.3 (including)
Firefox	Mozilla	1.5.0.4 (including)	1.5.0.4 (including)
Firefox	Mozilla	1.5.0.5 (including)	1.5.0.5 (including)
Firefox	Mozilla	1.5.0.6 (including)	1.5.0.6 (including)
Firefox	Mozilla	1.5.0.7 (including)	1.5.0.7 (including)
Firefox	Mozilla	1.5.0.8 (including)	1.5.0.8 (including)
Firefox	Mozilla	1.5.0.9 (including)	1.5.0.9 (including)
Firefox	Mozilla	1.5.0.10 (including)	1.5.0.10 (including)
Firefox	Mozilla	1.5.0.11 (including)	1.5.0.11 (including)
Firefox	Mozilla	2.0 (including)	2.0 (including)
Firefox	Mozilla	2.0.0.1 (including)	2.0.0.1 (including)
Firefox	Mozilla	2.0.0.2 (including)	2.0.0.2 (including)
Firefox	Mozilla	2.0.0.3 (including)	2.0.0.3 (including)
Seamonkey	Mozilla	1.0.9 (including)	1.0.9 (including)
Seamonkey	Mozilla	1.1.2 (including)	1.1.2 (including)
Red Hat Enterprise Linux 2.1	RedHat	seamonkey-0:1.0.9-0.1.el2	*
Red Hat Enterprise Linux 3	RedHat	seamonkey-0:1.0.9-0.1.el3	*
Red Hat Enterprise Linux 4	RedHat	firefox-0:1.5.0.12-0.1.el4	*
Red Hat Enterprise Linux 4	RedHat	devhelp-0:0.10-0.8.el4	*
Red Hat Enterprise Linux 4	RedHat	seamonkey-0:1.0.9-2.el4	*
Red Hat Enterprise Linux 5	RedHat	devhelp-0:0.12-11.el5	*
Red Hat Enterprise Linux 5	RedHat	firefox-0:1.5.0.12-1.el5	*
Red Hat Enterprise Linux 5	RedHat	yelp-0:2.16.0-15.el5	*
Firefox	Ubuntu	dapper	*
Firefox	Ubuntu	edgy	*
Firefox	Ubuntu	feisty	*
Iceape	Ubuntu	devel	*
Lightning-sunbird	Ubuntu	devel	*
Midbrowser	Ubuntu	devel	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-2870
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References