CVE - CVE-2007-0780

CVE-ID
CVE-2007-0780	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1017702 URL:http://www.securitytracker.com/id?1017702 MISC:20070202-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc MISC:20070226 rPSA-2007-0040-1 firefox URL:http://www.securityfocus.com/archive/1/461336/100/0/threaded MISC:20070301-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc MISC:20070303 rPSA-2007-0040-3 firefox thunderbird URL:http://www.securityfocus.com/archive/1/461809/100/0/threaded MISC:22694 URL:http://www.securityfocus.com/bid/22694 MISC:24205 URL:http://secunia.com/advisories/24205 MISC:24238 URL:http://secunia.com/advisories/24238 MISC:24287 URL:http://secunia.com/advisories/24287 MISC:24290 URL:http://secunia.com/advisories/24290 MISC:24293 URL:http://secunia.com/advisories/24293 MISC:24320 URL:http://secunia.com/advisories/24320 MISC:24328 URL:http://secunia.com/advisories/24328 MISC:24333 URL:http://secunia.com/advisories/24333 MISC:24342 URL:http://secunia.com/advisories/24342 MISC:24343 URL:http://secunia.com/advisories/24343 MISC:24384 URL:http://secunia.com/advisories/24384 MISC:24393 URL:http://secunia.com/advisories/24393 MISC:24395 URL:http://secunia.com/advisories/24395 MISC:24437 URL:http://secunia.com/advisories/24437 MISC:24455 URL:http://secunia.com/advisories/24455 MISC:24457 URL:http://secunia.com/advisories/24457 MISC:24650 URL:http://secunia.com/advisories/24650 MISC:32107 URL:~~http://www.osvdb.org/32107~~ (Obsolete source) MISC:ADV-2007-0718 URL:~~http://www.vupen.com/english/advisories/2007/0718~~ (Obsolete source) MISC:FEDORA-2007-281 URL:http://fedoranews.org/cms/node/2713 MISC:FEDORA-2007-293 URL:http://fedoranews.org/cms/node/2728 MISC:GLSA-200703-04 URL:http://security.gentoo.org/glsa/glsa-200703-04.xml MISC:GLSA-200703-08 URL:http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml MISC:HPSBUX02153 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MISC:MDKSA-2007:050 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:050~~ (Obsolete source) MISC:RHSA-2007:0077 URL:http://rhn.redhat.com/errata/RHSA-2007-0077.html MISC:RHSA-2007:0078 URL:http://www.redhat.com/support/errata/RHSA-2007-0078.html MISC:RHSA-2007:0079 URL:http://www.redhat.com/support/errata/RHSA-2007-0079.html MISC:RHSA-2007:0097 URL:http://www.redhat.com/support/errata/RHSA-2007-0097.html MISC:RHSA-2007:0108 URL:http://www.redhat.com/support/errata/RHSA-2007-0108.html MISC:SSA:2007-066-03 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 MISC:SSA:2007-066-05 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 MISC:SSRT061181 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MISC:SUSE-SA:2007:019 URL:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html MISC:SUSE-SA:2007:022 URL:http://www.novell.com/linux/security/advisories/2007_22_mozilla.html MISC:USN-428-1 URL:http://www.ubuntu.com/usn/usn-428-1 MISC:http://www.mozilla.org/security/announce/2007/mfsa2007-05.html URL:http://www.mozilla.org/security/announce/2007/mfsa2007-05.html MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=354973 URL:https://bugzilla.mozilla.org/show_bug.cgi?id=354973 MISC:https://issues.rpath.com/browse/RPL-1081 URL:https://issues.rpath.com/browse/RPL-1081 MISC:https://issues.rpath.com/browse/RPL-1103 URL:https://issues.rpath.com/browse/RPL-1103 MISC:mozilla-dataurl-xss(32667) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/32667 MISC:oval:org.mitre.oval:def:9884 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884
Assigning CNA
Red Hat, Inc.
Date Record Created
20070206	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070206)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)