CVE-2007-0994 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2007-0994 Interim 1 10 2025-11-05T06:22:45Z current 2021-05-30T12:38:01Z 2025-11-05T06:22:45Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2007-0994 A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S32CD3CP3UN6UJWY7ANEKAS6GVBYXHU2/#S32CD3CP3UN6UJWY7ANEKAS6GVBYXHU2 E-Mail link for SUSE-SA:2007:019 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GSACUWXOTYI2HT5IHOBIDS6RBK2VLAFE/#GSACUWXOTYI2HT5IHOBIDS6RBK2VLAFE E-Mail link for SUSE-SA:2007:022 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 MozillaThunderbird MozillaThunderbird-devel MozillaThunderbird-translations-common MozillaThunderbird-translations-other MozillaThunderbird as a component of SUSE Linux Enterprise Workstation Extension 15 MozillaThunderbird-devel as a component of SUSE Linux Enterprise Workstation Extension 15 MozillaThunderbird-translations-common as a component of SUSE Linux Enterprise Workstation Extension 15 MozillaThunderbird-translations-other as a component of SUSE Linux Enterprise Workstation Extension 15 MozillaThunderbird as a component of SUSE Linux Enterprise Workstation Extension 15 SP1 MozillaThunderbird-translations-common as a component of SUSE Linux Enterprise Workstation Extension 15 SP1 MozillaThunderbird-translations-other as a component of SUSE Linux Enterprise Workstation Extension 15 SP1 A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges. CVE-2007-0994 SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-common SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-other SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-devel SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P