Vulnerabilities > CVE-2007-2060 - Unspecified vulnerability in Wizz Computers Wizz RSS Reader
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
wizz-computers
Summary
Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://osvdb.org/34534
- http://secunia.com/advisories/24913
- http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/
- http://www.kb.cert.org/vuls/id/319464
- http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T
- http://www.securityfocus.com/bid/23523
- http://www.vupen.com/english/advisories/2007/1425
- https://addons.mozilla.org/en-US/firefox/addon/424
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33693