CVE-2007-0780

NONECVSS 0.0

0.0

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

🔗 References (94)

secalert@redhatftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
secalert@redhatftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
secalert@redhathttp://fedoranews.org/cms/node/2713
secalert@redhathttp://fedoranews.org/cms/node/2728
secalert@redhathttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
secalert@redhathttp://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2007-0077.html
secalert@redhathttp://secunia.com/advisories/24205
secalert@redhathttp://secunia.com/advisories/24238
secalert@redhathttp://secunia.com/advisories/24287
secalert@redhathttp://secunia.com/advisories/24290
secalert@redhathttp://secunia.com/advisories/24293
secalert@redhathttp://secunia.com/advisories/24320
secalert@redhathttp://secunia.com/advisories/24328
secalert@redhathttp://secunia.com/advisories/24333

Is Your Infrastructure Affected by CVE-2007-0780?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-0780

📅 Published

🔄 Last Modified

🔗 References (94)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-0780?