Home > Vulnerability Database > CVE-2007-0780

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-0780

Date: February 26, 2007

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

Severity Score

5.6

Related Resources (51)

Url: http://secunia.com/advisories/24290

Url: http://www.securityfocus.com/archive/1/461809/100/0/threaded

Url: http://secunia.com/advisories/24293

Url: https://issues.rpath.com/browse/RPL-1081

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-0780

Url: https://access.redhat.com/security/cve/CVE-2007-0780

Url: http://www.mozilla.org/security/announce/2007/mfsa2007-05.html

Url: http://secunia.com/advisories/24328

Url: http://www.osvdb.org/32107

Url: http://secunia.com/advisories/24205

Url: http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

Url: http://secunia.com/advisories/24320

Url: http://secunia.com/advisories/24287

Url: http://www.ubuntu.com/usn/usn-428-1

Url: http://security.gentoo.org/glsa/glsa-200703-04.xml

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/32667

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Url: http://www.securityfocus.com/archive/1/461336/100/0/threaded

Url: ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

Url: http://www.securitytracker.com/id?1017702

Url: http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

Url: http://www.redhat.com/support/errata/RHSA-2007-0078.html

Url: http://secunia.com/advisories/24457

Url: http://www.vupen.com/english/advisories/2007/0718

Url: http://secunia.com/advisories/24650

Url: http://www.redhat.com/support/errata/RHSA-2007-0097.html

Url: http://secunia.com/advisories/24455

Url: http://secunia.com/advisories/24333

Url: http://secunia.com/advisories/24393

Url: http://www.securityfocus.com/bid/22694

Url: http://fedoranews.org/cms/node/2728

Url: https://issues.rpath.com/browse/RPL-1103

Url: ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-0780

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=354973

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

Url: http://secunia.com/advisories/24342

Url: http://www.redhat.com/support/errata/RHSA-2007-0079.html

Url: http://secunia.com/advisories/24384

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

Url: http://secunia.com/advisories/24343

Url: http://fedoranews.org/cms/node/2713

Url: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

Url: http://secunia.com/advisories/24437

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884

Url: http://secunia.com/advisories/24238

Url: http://rhn.redhat.com/errata/RHSA-2007-0077.html

Url: http://www.redhat.com/support/errata/RHSA-2007-0108.html

Url: http://secunia.com/advisories/24395

Url: https://www.mend.io/vulnerability-database/CVE-2007-0780

Severity Score

5.6

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us