CVE-2007-3844

NONECVSS 0.0

0.0

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.

🔗 References (110)

secalert@redhathttp://bugzilla.mozilla.org/show_bug.cgi?id=388121
secalert@redhathttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
secalert@redhathttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
secalert@redhathttp://secunia.com/advisories/26234
secalert@redhathttp://secunia.com/advisories/26258
secalert@redhathttp://secunia.com/advisories/26288
secalert@redhathttp://secunia.com/advisories/26303
secalert@redhathttp://secunia.com/advisories/26309
secalert@redhathttp://secunia.com/advisories/26331
secalert@redhathttp://secunia.com/advisories/26335
secalert@redhathttp://secunia.com/advisories/26393
secalert@redhathttp://secunia.com/advisories/26460
secalert@redhathttp://secunia.com/advisories/26572
secalert@redhathttp://secunia.com/advisories/27276
secalert@redhathttp://secunia.com/advisories/27298

Is Your Infrastructure Affected by CVE-2007-3844?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-3844

📅 Published

🔄 Last Modified

🔗 References (110)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-3844?