6.8

CVE-2007-0780

EPSS 1.68%
Published 26.02.2007 20:28:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

Affected products Warnungen 0 Metrics 2 CWE 1 References 50

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version >= 1.5 < 1.5.0.10

Mozilla ≫ Firefox Version >= 2.0 < 2.0.0.2

Mozilla ≫ Seamonkey Version < 1.0.8

Canonical ≫ Ubuntu Linux Version5.10

Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts

Canonical ≫ Ubuntu Linux Version6.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.68%	0.814

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Broken Link

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

Broken Link

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

Broken Link

http://fedoranews.org/cms/node/2713

Broken Link

http://fedoranews.org/cms/node/2728

Broken Link

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2007-0077.html

Third Party Advisory

http://secunia.com/advisories/24205

Third Party Advisory

http://secunia.com/advisories/24238

Third Party Advisory

http://secunia.com/advisories/24287

Third Party Advisory

http://secunia.com/advisories/24290

Third Party Advisory

http://secunia.com/advisories/24293

Third Party Advisory

http://secunia.com/advisories/24320

Third Party Advisory

http://secunia.com/advisories/24328

Third Party Advisory

http://secunia.com/advisories/24333

Third Party Advisory

http://secunia.com/advisories/24342

Third Party Advisory

http://secunia.com/advisories/24343

Third Party Advisory

http://secunia.com/advisories/24384

Third Party Advisory

http://secunia.com/advisories/24393

Third Party Advisory

http://secunia.com/advisories/24395

Third Party Advisory

http://secunia.com/advisories/24437

Third Party Advisory

http://secunia.com/advisories/24457

Third Party Advisory

http://secunia.com/advisories/24650

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200703-04.xml

Third Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

Third Party Advisory

Mailing List

http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

Third Party Advisory

http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

Broken Link

http://www.redhat.com/support/errata/RHSA-2007-0078.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0079.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0097.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0108.html

Third Party Advisory

http://www.securityfocus.com/archive/1/461336/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/archive/1/461809/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/22694

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-428-1

Third Party Advisory

http://www.vupen.com/english/advisories/2007/0718

Third Party Advisory

https://issues.rpath.com/browse/RPL-1081

Broken Link

https://issues.rpath.com/browse/RPL-1103

Broken Link

http://www.mozilla.org/security/announce/2007/mfsa2007-05.html

Patch

Vendor Advisory

http://www.securitytracker.com/id?1017702

Third Party Advisory

VDB Entry

http://secunia.com/advisories/24455

Third Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

Third Party Advisory

Mailing List

http://www.osvdb.org/32107

Broken Link

https://bugzilla.mozilla.org/show_bug.cgi?id=354973

Vendor Advisory

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/32667

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-0780

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0780

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0780

EUVD