Published: 26/02/2007 Updated: 09/10/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Subscribe to Firefox

browser.js in Mozilla Firefox 1.5.x prior to 1.5.0.10 and 2.x prior to 2.0.0.2, and SeaMonkey prior to 1.0.8 uses the requesting URI to identify child windows, which allows remote malicious users to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
mozilla seamonkey
canonical ubuntu linux 5.10
canonical ubuntu linux 6.06
canonical ubuntu linux 6.10

Several flaws have been found that could be used to perform Cross-site scripting attacks A malicious web site could exploit these to modify the contents or steal confidential data (such as passwords) from other opened web pages (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996) ...

USN-428-1 fixed vulnerabilities in Firefox 15 However, changes to library paths caused applications depending on libnss3 to fail to start up This update fixes the problem ...

Mozilla Foundation Security Advisory 2007-05 XSS and local file access by opening blocked popupsand local file access by opening blocked popups Announced February 23, 2007 Reporter shutdown, Michal Zalewski Impact Moderate Products ...

CWE-79 http://www.mozilla.org/security/announce/2007/mfsa2007-05.html https://bugzilla.mozilla.org/show_bug.cgi?id=354973 https://issues.rpath.com/browse/RPL-1081 https://issues.rpath.com/browse/RPL-1103 http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://security.gentoo.org/glsa/glsa-200703-04.xml http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml http://www.redhat.com/support/errata/RHSA-2007-0079.html http://rhn.redhat.com/errata/RHSA-2007-0077.html http://www.redhat.com/support/errata/RHSA-2007-0078.html http://www.redhat.com/support/errata/RHSA-2007-0097.html http://www.redhat.com/support/errata/RHSA-2007-0108.html http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://www.ubuntu.com/usn/usn-428-1 http://www.securityfocus.com/bid/22694 http://www.osvdb.org/32107 http://www.securitytracker.com/id?1017702 http://secunia.com/advisories/24238 http://secunia.com/advisories/24287 http://secunia.com/advisories/24290 http://secunia.com/advisories/24205 http://secunia.com/advisories/24328 http://secunia.com/advisories/24333 http://secunia.com/advisories/24343 http://secunia.com/advisories/24320 http://secunia.com/advisories/24293 http://secunia.com/advisories/24393 http://secunia.com/advisories/24395 http://secunia.com/advisories/24384 http://secunia.com/advisories/24437 ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://secunia.com/advisories/24650 http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 http://www.novell.com/linux/security/advisories/2007_22_mozilla.html http://secunia.com/advisories/24455 http://secunia.com/advisories/24457 http://secunia.com/advisories/24342 http://www.vupen.com/english/advisories/2007/0718 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 https://exchange.xforce.ibmcloud.com/vulnerabilities/32667 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884 http://www.securityfocus.com/archive/1/461809/100/0/threaded http://www.securityfocus.com/archive/1/461336/100/0/threaded https://usn.ubuntu.com/428-1/https://nvd.nist.gov

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook