CVE-2007-3737

Upstream information

CVE-2007-3737 at MITRE

Description

Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having critical severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entry: 288115 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SA:2007:049, published Thu, 02 Aug 2007 16:00:00 +0000
openSUSE-SU-2014:1100-1, published Tue, 9 Sep 2014 18:04:16 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Server 11 SP1	`MozillaFirefox >= 3.5.9-0.1.1` `MozillaFirefox-translations >= 3.5.9-0.1.1`
SUSE Linux Enterprise Server 11 SP2	`MozillaFirefox >= 10.0-0.3.2` `MozillaFirefox-translations >= 10.0-0.3.2`
SUSE Linux Enterprise Server 11 SP3	`MozillaFirefox >= 17.0.4esr-0.10.42` `MozillaFirefox-translations >= 17.0.4esr-0.10.42`
SUSE Linux Enterprise Server 11 SP4	`MozillaFirefox >= 31.7.0esr-0.8.1` `MozillaFirefox-translations >= 31.7.0esr-0.8.1`
SUSE Linux Enterprise Software Development Kit 11 SP4	`MozillaFirefox-devel >= 31.7.0esr-0.8.1`
SUSE LINUX 10.0	`MozillaFirefox >= 2.0.0.5-1.1` `MozillaFirefox-translations >= 2.0.0.5-1.1`
SUSE LINUX 10.1	`MozillaFirefox >= 2.0.0.5-1.2` `MozillaFirefox-translations >= 2.0.0.5-1.2`
SUSE LINUX 10.0	`mozilla >= 1.8_seamonkey_1.0.9-2.5` `mozilla-calendar >= 1.8_seamonkey_1.0.9-2.5` `mozilla-devel >= 1.8_seamonkey_1.0.9-2.5` `mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-2.5` `mozilla-irc >= 1.8_seamonkey_1.0.9-2.5` `mozilla-ko >= 1.75-3.4` `mozilla-mail >= 1.8_seamonkey_1.0.9-2.5` `mozilla-spellchecker >= 1.8_seamonkey_1.0.9-2.5` `mozilla-venkman >= 1.8_seamonkey_1.0.9-2.5` `mozilla-zh-CN >= 1.7-6.4` `mozilla-zh-TW >= 1.7-6.4`
Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64	`MozillaFirefox >= 1.5.0.12-0.3` `MozillaFirefox-translations >= 1.5.0.12-0.3`	Builds YOU Patch Nr: 11655
SUSE LINUX 10.0	`MozillaThunderbird >= 1.5.0.12-1.4`
Novell Linux Desktop 9 for x86	`mozilla >= 1.8_seamonkey_1.0.9-1.4` `mozilla-cs >= 1.8_seamonkey_1.0.4-0.6` `mozilla-deat >= 1.8_seamonkey_1.0.4-0.6` `mozilla-devel >= 1.8_seamonkey_1.0.9-1.4` `mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.4` `mozilla-hu >= 1.80_seamonkey_1.0.4-4` `mozilla-irc >= 1.8_seamonkey_1.0.9-1.4` `mozilla-mail >= 1.8_seamonkey_1.0.9-1.4` `mozilla-venkman >= 1.8_seamonkey_1.0.9-1.4`	core9.s390 core9.x86 YOU Patch Nr: 11657
Novell Linux Desktop 9 for x86_64	`mozilla >= 1.8_seamonkey_1.0.9-1.4` `mozilla-cs >= 1.8_seamonkey_1.0.4-0.6` `mozilla-deat >= 1.8_seamonkey_1.0.4-0.6` `mozilla-devel >= 1.8_seamonkey_1.0.9-1.4` `mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.4` `mozilla-hu >= 1.80_seamonkey_1.0.4-4` `mozilla-irc >= 1.8_seamonkey_1.0.9-1.4` `mozilla-lib64 >= 1.6-0.10` `mozilla-mail >= 1.8_seamonkey_1.0.9-1.4` `mozilla-venkman >= 1.8_seamonkey_1.0.9-1.4`	core9.s390 core9.x86 YOU Patch Nr: 11657
Open Enterprise Server	`mozilla >= 1.8_seamonkey_1.0.9-1.4` `mozilla-calendar >= 1.8_seamonkey_1.0.9-1.4` `mozilla-cs >= 1.8_seamonkey_1.0.4-0.6` `mozilla-deat >= 1.8_seamonkey_1.0.4-0.6` `mozilla-devel >= 1.8_seamonkey_1.0.9-1.4` `mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.4` `mozilla-hu >= 1.80_seamonkey_1.0.4-4` `mozilla-irc >= 1.8_seamonkey_1.0.9-1.4` `mozilla-mail >= 1.8_seamonkey_1.0.9-1.4` `mozilla-venkman >= 1.8_seamonkey_1.0.9-1.4`	core9.s390 core9.x86 YOU Patch Nr: 11657
SUSE LINUX Retail Solution 8 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Enterprise Server 8 for IBM zSeries SuSE Linux Enterprise Server 8 for IPF SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0	`mozilla >= 1.8_seamonkey_1.0.9-0.10` `mozilla-calendar >= 1.8_seamonkey_1.0.9-0.10` `mozilla-devel >= 1.8_seamonkey_1.0.9-0.10` `mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-0.10` `mozilla-irc >= 1.8_seamonkey_1.0.9-0.10` `mozilla-mail >= 1.8_seamonkey_1.0.9-0.10` `mozilla-spellchecker >= 1.8_seamonkey_1.0.9-0.10` `mozilla-venkman >= 1.8_seamonkey_1.0.9-0.10` `mozilla-xmlterm >= 1.8_seamonkey_1.0.9-0.10`	slrs8.x86 ul1.s390 YOU Patch Nr: 11656
SUSE LINUX 10.1	`seamonkey >= 1.0.9-1.3` `seamonkey-calendar >= 1.0.9-1.3` `seamonkey-dom-inspector >= 1.0.9-1.3` `seamonkey-irc >= 1.0.9-1.3` `seamonkey-mail >= 1.0.9-1.3` `seamonkey-spellchecker >= 1.0.9-1.3` `seamonkey-venkman >= 1.0.9-1.3`