browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 00:26
Type | Values Removed | Values Added |
---|---|---|
References | () ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc - Broken Link | |
References | () ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc - Broken Link | |
References | () http://fedoranews.org/cms/node/2713 - Broken Link | |
References | () http://fedoranews.org/cms/node/2728 - Broken Link | |
References | () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 - Broken Link | |
References | () http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html - Broken Link | |
References | () http://rhn.redhat.com/errata/RHSA-2007-0077.html - Third Party Advisory | |
References | () http://secunia.com/advisories/24205 - Third Party Advisory | |
References | () http://secunia.com/advisories/24238 - Third Party Advisory | |
References | () http://secunia.com/advisories/24287 - Third Party Advisory | |
References | () http://secunia.com/advisories/24290 - Third Party Advisory | |
References | () http://secunia.com/advisories/24293 - Third Party Advisory | |
References | () http://secunia.com/advisories/24320 - Third Party Advisory | |
References | () http://secunia.com/advisories/24328 - Third Party Advisory | |
References | () http://secunia.com/advisories/24333 - Third Party Advisory | |
References | () http://secunia.com/advisories/24342 - Third Party Advisory | |
References | () http://secunia.com/advisories/24343 - Third Party Advisory | |
References | () http://secunia.com/advisories/24384 - Third Party Advisory | |
References | () http://secunia.com/advisories/24393 - Third Party Advisory | |
References | () http://secunia.com/advisories/24395 - Third Party Advisory | |
References | () http://secunia.com/advisories/24437 - Third Party Advisory | |
References | () http://secunia.com/advisories/24455 - Third Party Advisory | |
References | () http://secunia.com/advisories/24457 - Third Party Advisory | |
References | () http://secunia.com/advisories/24650 - Third Party Advisory | |
References | () http://security.gentoo.org/glsa/glsa-200703-04.xml - Third Party Advisory | |
References | () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 - Mailing List, Third Party Advisory | |
References | () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 - Mailing List, Third Party Advisory | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml - Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 - Third Party Advisory | |
References | () http://www.mozilla.org/security/announce/2007/mfsa2007-05.html - Patch, Vendor Advisory | |
References | () http://www.novell.com/linux/security/advisories/2007_22_mozilla.html - Broken Link | |
References | () http://www.osvdb.org/32107 - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2007-0078.html - Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2007-0079.html - Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2007-0097.html - Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2007-0108.html - Third Party Advisory | |
References | () http://www.securityfocus.com/archive/1/461336/100/0/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/461809/100/0/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/22694 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1017702 - Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/usn-428-1 - Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2007/0718 - Third Party Advisory | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=354973 - Issue Tracking, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/32667 - Third Party Advisory, VDB Entry | |
References | () https://issues.rpath.com/browse/RPL-1081 - Broken Link | |
References | () https://issues.rpath.com/browse/RPL-1103 - Broken Link | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884 - Third Party Advisory |
Information
Published : 2007-02-26 20:28
Updated : 2024-11-21 00:26
NVD link : CVE-2007-0780
Mitre link : CVE-2007-0780
CVE.ORG link : CVE-2007-0780
JSON object : View
Products Affected
mozilla
- firefox
- seamonkey
canonical
- ubuntu_linux
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')