{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2007-0994","title":"Title"},{"category":"description","text":"A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2007-0994","url":"https://www.suse.com/security/cve/CVE-2007-0994"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 244923 for CVE-2007-0994","url":"https://bugzilla.suse.com/244923"},{"category":"external","summary":"Advisory link for SUSE-SA:2007:019","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S32CD3CP3UN6UJWY7ANEKAS6GVBYXHU2/#S32CD3CP3UN6UJWY7ANEKAS6GVBYXHU2"},{"category":"external","summary":"Advisory link for SUSE-SA:2007:022","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GSACUWXOTYI2HT5IHOBIDS6RBK2VLAFE/#GSACUWXOTYI2HT5IHOBIDS6RBK2VLAFE"}],"title":"SUSE CVE CVE-2007-0994","tracking":{"current_release_date":"2025-10-08T01:54:25Z","generator":{"date":"2023-02-15T06:13:01Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2007-0994","initial_release_date":"2023-02-15T06:13:01Z","revision_history":[{"date":"2023-02-15T06:13:01Z","number":"2","summary":"Current version"},{"date":"2023-12-08T05:19:19Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:41:14Z","number":"4","summary":"Current version"},{"date":"2025-03-14T08:35:51Z","number":"5","summary":"Current version"},{"date":"2025-03-17T03:11:12Z","number":"6","summary":"Current version"},{"date":"2025-04-25T14:41:16Z","number":"7","summary":"Current version"},{"date":"2025-10-08T01:54:25Z","number":"8","summary":"Current version"}],"status":"interim","version":"8"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15","product":{"name":"SUSE Linux Enterprise Desktop 15","product_id":"SUSE Linux Enterprise Desktop 15","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP1","product":{"name":"SUSE Linux Enterprise Desktop 15 SP1","product_id":"SUSE Linux Enterprise Desktop 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15","product":{"name":"SUSE Linux Enterprise Server 15","product_id":"SUSE Linux Enterprise Server 15","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP1","product":{"name":"SUSE Linux Enterprise Server 15 SP1","product_id":"SUSE Linux Enterprise Server 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15","product_id":"SUSE Linux Enterprise Server for SAP Applications 15","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Workstation Extension 15","product":{"name":"SUSE Linux Enterprise Workstation Extension 15","product_id":"SUSE Linux Enterprise Workstation Extension 15","product_identification_helper":{"cpe":"cpe:/o:suse:sle-we:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Workstation Extension 15 SP1","product":{"name":"SUSE Linux Enterprise Workstation Extension 15 SP1","product_id":"SUSE Linux Enterprise Workstation Extension 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sle-we:15:sp1"}}},{"category":"product_version","name":"MozillaThunderbird","product":{"name":"MozillaThunderbird","product_id":"MozillaThunderbird","product_identification_helper":{"cpe":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/MozillaThunderbird@?upstream=MozillaThunderbird.src.rpm"}}},{"category":"product_version","name":"MozillaThunderbird-devel","product":{"name":"MozillaThunderbird-devel","product_id":"MozillaThunderbird-devel","product_identification_helper":{"cpe":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/MozillaThunderbird-devel@?upstream=MozillaThunderbird.src.rpm"}}},{"category":"product_version","name":"MozillaThunderbird-translations-common","product":{"name":"MozillaThunderbird-translations-common","product_id":"MozillaThunderbird-translations-common","product_identification_helper":{"cpe":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/MozillaThunderbird-translations-common@?upstream=MozillaThunderbird.src.rpm"}}},{"category":"product_version","name":"MozillaThunderbird-translations-other","product":{"name":"MozillaThunderbird-translations-other","product_id":"MozillaThunderbird-translations-other","product_identification_helper":{"cpe":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/MozillaThunderbird-translations-other@?upstream=MozillaThunderbird.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird as component of SUSE Linux Enterprise Server 15","product_id":"SUSE Linux Enterprise Server 15:MozillaThunderbird"},"product_reference":"MozillaThunderbird","relates_to_product_reference":"SUSE Linux Enterprise Server 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-devel as component of SUSE Linux Enterprise Server 15","product_id":"SUSE Linux Enterprise Server 15:MozillaThunderbird-devel"},"product_reference":"MozillaThunderbird-devel","relates_to_product_reference":"SUSE Linux Enterprise Server 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-common as component of SUSE Linux Enterprise Server 15","product_id":"SUSE Linux Enterprise Server 15:MozillaThunderbird-translations-common"},"product_reference":"MozillaThunderbird-translations-common","relates_to_product_reference":"SUSE Linux Enterprise Server 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-other as component of SUSE Linux Enterprise Server 15","product_id":"SUSE Linux Enterprise Server 15:MozillaThunderbird-translations-other"},"product_reference":"MozillaThunderbird-translations-other","relates_to_product_reference":"SUSE Linux Enterprise Server 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird as component of SUSE Linux Enterprise Server for SAP Applications 15","product_id":"SUSE Linux Enterprise Server for SAP Applications 15:MozillaThunderbird"},"product_reference":"MozillaThunderbird","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-devel as component of SUSE Linux Enterprise Server for SAP Applications 15","product_id":"SUSE Linux Enterprise Server for SAP Applications 15:MozillaThunderbird-devel"},"product_reference":"MozillaThunderbird-devel","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-common as component of SUSE Linux Enterprise Server for SAP Applications 15","product_id":"SUSE Linux Enterprise Server for SAP Applications 15:MozillaThunderbird-translations-common"},"product_reference":"MozillaThunderbird-translations-common","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-other as component of SUSE Linux Enterprise Server for SAP Applications 15","product_id":"SUSE Linux Enterprise Server for SAP Applications 15:MozillaThunderbird-translations-other"},"product_reference":"MozillaThunderbird-translations-other","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird as component of SUSE Linux Enterprise Desktop 15","product_id":"SUSE Linux Enterprise Desktop 15:MozillaThunderbird"},"product_reference":"MozillaThunderbird","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-devel as component of SUSE Linux Enterprise Desktop 15","product_id":"SUSE Linux Enterprise Desktop 15:MozillaThunderbird-devel"},"product_reference":"MozillaThunderbird-devel","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-common as component of SUSE Linux Enterprise Desktop 15","product_id":"SUSE Linux Enterprise Desktop 15:MozillaThunderbird-translations-common"},"product_reference":"MozillaThunderbird-translations-common","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-other as component of SUSE Linux Enterprise Desktop 15","product_id":"SUSE Linux Enterprise Desktop 15:MozillaThunderbird-translations-other"},"product_reference":"MozillaThunderbird-translations-other","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird as component of SUSE Linux Enterprise Workstation Extension 15","product_id":"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird"},"product_reference":"MozillaThunderbird","relates_to_product_reference":"SUSE Linux Enterprise Workstation Extension 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-devel as component of SUSE Linux Enterprise Workstation Extension 15","product_id":"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-devel"},"product_reference":"MozillaThunderbird-devel","relates_to_product_reference":"SUSE Linux Enterprise Workstation Extension 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-common as component of SUSE Linux Enterprise Workstation Extension 15","product_id":"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common"},"product_reference":"MozillaThunderbird-translations-common","relates_to_product_reference":"SUSE Linux Enterprise Workstation Extension 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-other as component of SUSE Linux Enterprise Workstation Extension 15","product_id":"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other"},"product_reference":"MozillaThunderbird-translations-other","relates_to_product_reference":"SUSE Linux Enterprise Workstation Extension 15"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird as component of SUSE Linux Enterprise Server 15 SP1","product_id":"SUSE Linux Enterprise Server 15 SP1:MozillaThunderbird"},"product_reference":"MozillaThunderbird","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-common as component of SUSE Linux Enterprise Server 15 SP1","product_id":"SUSE Linux Enterprise Server 15 SP1:MozillaThunderbird-translations-common"},"product_reference":"MozillaThunderbird-translations-common","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-other as component of SUSE Linux Enterprise Server 15 SP1","product_id":"SUSE Linux Enterprise Server 15 SP1:MozillaThunderbird-translations-other"},"product_reference":"MozillaThunderbird-translations-other","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaThunderbird"},"product_reference":"MozillaThunderbird","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-common as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaThunderbird-translations-common"},"product_reference":"MozillaThunderbird-translations-common","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-other as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaThunderbird-translations-other"},"product_reference":"MozillaThunderbird-translations-other","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird as component of SUSE Linux Enterprise Desktop 15 SP1","product_id":"SUSE Linux Enterprise Desktop 15 SP1:MozillaThunderbird"},"product_reference":"MozillaThunderbird","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-common as component of SUSE Linux Enterprise Desktop 15 SP1","product_id":"SUSE Linux Enterprise Desktop 15 SP1:MozillaThunderbird-translations-common"},"product_reference":"MozillaThunderbird-translations-common","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-other as component of SUSE Linux Enterprise Desktop 15 SP1","product_id":"SUSE Linux Enterprise Desktop 15 SP1:MozillaThunderbird-translations-other"},"product_reference":"MozillaThunderbird-translations-other","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird as component of SUSE Linux Enterprise Workstation Extension 15 SP1","product_id":"SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird"},"product_reference":"MozillaThunderbird","relates_to_product_reference":"SUSE Linux Enterprise Workstation Extension 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-common as component of SUSE Linux Enterprise Workstation Extension 15 SP1","product_id":"SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-common"},"product_reference":"MozillaThunderbird-translations-common","relates_to_product_reference":"SUSE Linux Enterprise Workstation Extension 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"MozillaThunderbird-translations-other as component of SUSE Linux Enterprise Workstation Extension 15 SP1","product_id":"SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-other"},"product_reference":"MozillaThunderbird-translations-other","relates_to_product_reference":"SUSE Linux Enterprise Workstation Extension 15 SP1"}]},"vulnerabilities":[{"cve":"CVE-2007-0994","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2007-0994"}],"notes":[{"category":"general","text":"A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Linux Enterprise Desktop 15 SP1:MozillaThunderbird","SUSE Linux Enterprise Desktop 15 SP1:MozillaThunderbird-translations-common","SUSE Linux Enterprise Desktop 15 SP1:MozillaThunderbird-translations-other","SUSE Linux Enterprise Desktop 15:MozillaThunderbird","SUSE Linux Enterprise Desktop 15:MozillaThunderbird-devel","SUSE Linux Enterprise Desktop 15:MozillaThunderbird-translations-common","SUSE Linux Enterprise Desktop 15:MozillaThunderbird-translations-other","SUSE Linux Enterprise Server 15 SP1:MozillaThunderbird","SUSE Linux Enterprise Server 15 SP1:MozillaThunderbird-translations-common","SUSE Linux Enterprise Server 15 SP1:MozillaThunderbird-translations-other","SUSE Linux Enterprise Server 15:MozillaThunderbird","SUSE Linux Enterprise Server 15:MozillaThunderbird-devel","SUSE Linux Enterprise Server 15:MozillaThunderbird-translations-common","SUSE Linux Enterprise Server 15:MozillaThunderbird-translations-other","SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaThunderbird","SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaThunderbird-translations-common","SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaThunderbird-translations-other","SUSE Linux Enterprise Server for SAP Applications 15:MozillaThunderbird","SUSE Linux Enterprise Server for SAP Applications 15:MozillaThunderbird-devel","SUSE Linux Enterprise Server for SAP Applications 15:MozillaThunderbird-translations-common","SUSE Linux Enterprise Server for SAP Applications 15:MozillaThunderbird-translations-other","SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird","SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-common","SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-other","SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird","SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-devel","SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common","SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other"]},"references":[{"category":"external","summary":"CVE-2007-0994","url":"https://www.suse.com/security/cve/CVE-2007-0994"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 244923 for CVE-2007-0994","url":"https://bugzilla.suse.com/244923"},{"category":"external","summary":"Advisory link for SUSE-SA:2007:019","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S32CD3CP3UN6UJWY7ANEKAS6GVBYXHU2/#S32CD3CP3UN6UJWY7ANEKAS6GVBYXHU2"},{"category":"external","summary":"Advisory link for SUSE-SA:2007:022","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GSACUWXOTYI2HT5IHOBIDS6RBK2VLAFE/#GSACUWXOTYI2HT5IHOBIDS6RBK2VLAFE"}],"threats":[{"category":"impact","date":"2013-06-28T00:22:05Z","details":"moderate"}],"title":"CVE-2007-0994"}]}