Your submission was sent successfully! Close

CVE-2007-3736

Published: 18 July 2007

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.

Priority

Unknown

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream Needs triage

iceape
Launchpad, Ubuntu, Debian
Upstream Needs triage

midbrowser
Launchpad, Ubuntu, Debian
Upstream Needs triage