CVE-2007-0780

MEDIUM

Description

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

http://fedoranews.org/cms/node/2713

http://fedoranews.org/cms/node/2728

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

http://rhn.redhat.com/errata/RHSA-2007-0077.html

http://secunia.com/advisories/24205

http://secunia.com/advisories/24238

http://secunia.com/advisories/24287

http://secunia.com/advisories/24290

http://secunia.com/advisories/24293

http://secunia.com/advisories/24320

http://secunia.com/advisories/24328

http://secunia.com/advisories/24333

http://secunia.com/advisories/24342

http://secunia.com/advisories/24343

http://secunia.com/advisories/24384

http://secunia.com/advisories/24393

http://secunia.com/advisories/24395

http://secunia.com/advisories/24437

http://secunia.com/advisories/24455

http://secunia.com/advisories/24457

http://secunia.com/advisories/24650

http://security.gentoo.org/glsa/glsa-200703-04.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

http://www.mozilla.org/security/announce/2007/mfsa2007-05.html

http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

http://www.osvdb.org/32107

http://www.redhat.com/support/errata/RHSA-2007-0078.html

http://www.redhat.com/support/errata/RHSA-2007-0079.html

http://www.redhat.com/support/errata/RHSA-2007-0097.html

http://www.redhat.com/support/errata/RHSA-2007-0108.html

http://www.securityfocus.com/archive/1/461336/100/0/threaded

http://www.securityfocus.com/archive/1/461809/100/0/threaded

http://www.securityfocus.com/bid/22694

http://www.securitytracker.com/id?1017702

http://www.ubuntu.com/usn/usn-428-1

http://www.vupen.com/english/advisories/2007/0718

https://bugzilla.mozilla.org/show_bug.cgi?id=354973

https://exchange.xforce.ibmcloud.com/vulnerabilities/32667

https://issues.rpath.com/browse/RPL-1081

https://issues.rpath.com/browse/RPL-1103

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884

Details

Source: MITRE

Published: 2007-02-26

Updated: 2018-10-19

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (36 total)

ID	Name	Product	Family	Severity
67455	Oracle Linux 4 : Firefox (ELSA-2007-0079)	Nessus	Oracle Linux Local Security Checks	high
67454	Oracle Linux 4 : thunderbird (ELSA-2007-0078)	Nessus	Oracle Linux Local Security Checks	high
67453	Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0077)	Nessus	Oracle Linux Local Security Checks	high
67452	Oracle Linux 4 : seamonkey (ELSA-2007-0077-2)	Nessus	Oracle Linux Local Security Checks	high
63841	RHEL 5 : thunderbird (RHSA-2007:0108)	Nessus	Red Hat Local Security Checks	high
29359	SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 2683)	Nessus	SuSE Local Security Checks	high
28022	Ubuntu 6.06 LTS : firefox regression (USN-428-2)	Nessus	Ubuntu Local Security Checks	high
28021	Ubuntu 5.10 / 6.06 LTS / 6.10 : firefox vulnerabilities (USN-428-1)	Nessus	Ubuntu Local Security Checks	high
27440	openSUSE 10 Security Update : seamonkey (seamonkey-2811)	Nessus	SuSE Local Security Checks	high
27439	openSUSE 10 Security Update : seamonkey (seamonkey-2691)	Nessus	SuSE Local Security Checks	high
27119	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2699)	Nessus	SuSE Local Security Checks	high
27118	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2647)	Nessus	SuSE Local Security Checks	high
25318	RHEL 5 : firefox (RHSA-2007:0097)	Nessus	Red Hat Local Security Checks	high
24800	GLSA-200703-08 : SeaMonkey: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
24791	Slackware 11.0 : seamonkey (SSA:2007-066-05)	Nessus	Slackware Local Security Checks	high
24789	Slackware 10.2 / 11.0 : mozilla-firefox (SSA:2007-066-03)	Nessus	Slackware Local Security Checks	high
3942	LedgerSMB / SQL-Ledger Authentication Bypass	Nessus Network Monitor	Web Servers	medium
24774	RHEL 4 : thunderbird (RHSA-2007:0078)	Nessus	Red Hat Local Security Checks	high
24771	GLSA-200703-04 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
24763	CentOS 4 : thunderbird (CESA-2007:0078)	Nessus	CentOS Local Security Checks	high
24753	Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:050-1)	Nessus	Mandriva Local Security Checks	high
3931	Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities (deprecated)	Nessus Network Monitor	SMTP Clients	medium
24735	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Nessus	Windows	high
24729	Fedora Core 6 : devhelp-0.12-10.fc6 / epiphany-2.16.3-2.fc6 / firefox-1.5.0.10-1.fc6 / etc (2007-293)	Nessus	Fedora Local Security Checks	high
3927	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
24716	Fedora Core 5 : firefox-1.5.0.10-1.fc5 (2007-281)	Nessus	Fedora Local Security Checks	high
24708	RHEL 4 : Firefox (RHSA-2007:0079)	Nessus	Red Hat Local Security Checks	high
24707	RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0077)	Nessus	Red Hat Local Security Checks	high
24705	FreeBSD : mozilla -- multiple vulnerabilities (12bd6ecf-c430-11db-95c5-000c6ec775d9)	Nessus	FreeBSD Local Security Checks	high
24704	CentOS 4 : firefox (CESA-2007:0079)	Nessus	CentOS Local Security Checks	high
24703	CentOS 3 / 4 : seamonkey (CESA-2007:0077)	Nessus	CentOS Local Security Checks	high
3922	Mozilla Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
24701	Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Nessus	Windows	high
801328	Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
800879	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800760	Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high