Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-0780

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

Published

2007-02-26T20:28:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	< 1.5.0.10	Yes
Application	mozilla	firefox	< 2.0.0.2	Yes
Application	mozilla	seamonkey	< 1.0.8	Yes
Operating System	canonical	ubuntu_linux	5.10	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	6.10	Yes

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc Broken Link ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc Broken Link ([email protected])
http://fedoranews.org/cms/node/2713 Broken Link ([email protected])
http://fedoranews.org/cms/node/2728 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link ([email protected])
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html Broken Link ([email protected])
http://rhn.redhat.com/errata/RHSA-2007-0077.html Third Party Advisory ([email protected])
http://secunia.com/advisories/24205 Third Party Advisory ([email protected])
http://secunia.com/advisories/24238 Third Party Advisory ([email protected])
http://secunia.com/advisories/24287 Third Party Advisory ([email protected])
http://secunia.com/advisories/24290 Third Party Advisory ([email protected])
http://secunia.com/advisories/24293 Third Party Advisory ([email protected])
http://secunia.com/advisories/24320 Third Party Advisory ([email protected])
http://secunia.com/advisories/24328 Third Party Advisory ([email protected])
http://secunia.com/advisories/24333 Third Party Advisory ([email protected])
http://secunia.com/advisories/24342 Third Party Advisory ([email protected])
http://secunia.com/advisories/24343 Third Party Advisory ([email protected])
http://secunia.com/advisories/24384 Third Party Advisory ([email protected])
http://secunia.com/advisories/24393 Third Party Advisory ([email protected])
http://secunia.com/advisories/24395 Third Party Advisory ([email protected])
http://secunia.com/advisories/24437 Third Party Advisory ([email protected])
http://secunia.com/advisories/24455 Third Party Advisory ([email protected])
http://secunia.com/advisories/24457 Third Party Advisory ([email protected])
http://secunia.com/advisories/24650 Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200703-04.xml Third Party Advisory ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 Mailing List, Third Party Advisory ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 Mailing List, Third Party Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 Third Party Advisory ([email protected])
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html Patch, Vendor Advisory ([email protected])
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html Broken Link ([email protected])
http://www.osvdb.org/32107 Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0078.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0079.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0097.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0108.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/461336/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/461809/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/22694 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1017702 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-428-1 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/0718 Third Party Advisory ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=354973 Issue Tracking, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/32667 Third Party Advisory, VDB Entry ([email protected])
https://issues.rpath.com/browse/RPL-1081 Broken Link ([email protected])
https://issues.rpath.com/browse/RPL-1103 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884 Third Party Advisory ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc Broken Link (af854a3a-2127-422b-91ae-364da2661108)
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://fedoranews.org/cms/node/2713 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://fedoranews.org/cms/node/2728 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2007-0077.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24205 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24238 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24287 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24290 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24293 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24320 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24328 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24333 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24342 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24343 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24384 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24393 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24395 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24437 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24455 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24457 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24650 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200703-04.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/32107 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0078.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0079.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0097.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0108.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/461336/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/461809/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/22694 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1017702 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-428-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/0718 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=354973 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32667 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1081 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1103 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)