Bug 13978

Summary:	[CVE 21] firefox 116.0.3 CVEs CVE-2007-0896 EXPLOIT https://www.exploit-db.com/download/29573 found
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Yury <y.tumanov>
Component:	System (kernel, glibc, systemd, bash, PAM...)	Assignee:	ROSA Linux Bugs <bugs>
Status:	RESOLVED INVALID	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	blocker
Priority:	Highest	CC:	y.tumanov
Version:	All	Flags:	y.tumanov: secteam_verified+
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	CVE-2007-0896 https://www.exploit-db.com/download/29573
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Yury 2023-10-20 15:33:26 MSK

[CVE 21] firefox 116.0.3 CVEs CVE-2007-0896 EXPLOIT https://www.exploit-db.com/download/29573 found 

firefox	116.0.3	CVE-2007-0896	Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.			4,3	MEDIUM	CWE-79	CAPEC-209||CAPEC-588||CAPEC-591||CAPEC-592||CAPEC-63||CAPEC-85||		Не найден	https://nvd.nist.gov/vuln/detail/CVE-2007-0896	https://www.exploit-db.com/download/29573

Comment 1 Yury 2023-10-20 15:34:27 MSK

Неактуальна, у нас ФФ 118, и в целом описание некорректное