// For flags

CVE-2007-0780

 

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

browser.js en Mozilla Firefox 1.5.x versiones anteriores a 1.5.0.10 y 2.x versiones anteriores a 2.0.0.2, y SeaMonkey versiones anteriores a 1.0.8, usa la URI de petición para identificar ventanas hijo, lo cual permite a atacantes remotos conducir ataques de secuencias de comandos en sitios cruzados (XSS) al abrir una ventana emergente bloqueada originada de una URI javascript: en combinación con múltiples marcos teniendo la misma URI data:

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-02-06 CVE Reserved
  • 2007-02-26 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-09-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (49)
URL Tag Source
http://secunia.com/advisories/24205 Third Party Advisory
http://secunia.com/advisories/24238 Third Party Advisory
http://secunia.com/advisories/24287 Third Party Advisory
http://secunia.com/advisories/24290 Third Party Advisory
http://secunia.com/advisories/24293 Third Party Advisory
http://secunia.com/advisories/24320 Third Party Advisory
http://secunia.com/advisories/24328 Third Party Advisory
http://secunia.com/advisories/24333 Third Party Advisory
http://secunia.com/advisories/24342 Third Party Advisory
http://secunia.com/advisories/24343 Third Party Advisory
http://secunia.com/advisories/24384 Third Party Advisory
http://secunia.com/advisories/24393 Third Party Advisory
http://secunia.com/advisories/24395 Third Party Advisory
http://secunia.com/advisories/24437 Third Party Advisory
http://secunia.com/advisories/24455 Third Party Advisory
http://secunia.com/advisories/24457 Third Party Advisory
http://secunia.com/advisories/24650 Third Party Advisory
http://www.osvdb.org/32107 Broken Link
http://www.securityfocus.com/archive/1/461336/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/461809/100/0/threaded Mailing List
http://www.securityfocus.com/bid/22694 Third Party Advisory
http://www.securitytracker.com/id?1017702 Third Party Advisory
http://www.vupen.com/english/advisories/2007/0718 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32667 Third Party Advisory
https://issues.rpath.com/browse/RPL-1081 Broken Link
https://issues.rpath.com/browse/RPL-1103 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884 Signature
URL Date SRC
URL Date SRC
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html 2019-10-09
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc 2019-10-09
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc 2019-10-09
http://fedoranews.org/cms/node/2713 2019-10-09
http://fedoranews.org/cms/node/2728 2019-10-09
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 2019-10-09
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html 2019-10-09
http://rhn.redhat.com/errata/RHSA-2007-0077.html 2019-10-09
http://security.gentoo.org/glsa/glsa-200703-04.xml 2019-10-09
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 2019-10-09
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 2019-10-09
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml 2019-10-09
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 2019-10-09
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html 2019-10-09
http://www.redhat.com/support/errata/RHSA-2007-0078.html 2019-10-09
http://www.redhat.com/support/errata/RHSA-2007-0079.html 2019-10-09
http://www.redhat.com/support/errata/RHSA-2007-0097.html 2019-10-09
http://www.redhat.com/support/errata/RHSA-2007-0108.html 2019-10-09
http://www.ubuntu.com/usn/usn-428-1 2019-10-09
https://bugzilla.mozilla.org/show_bug.cgi?id=354973 2019-10-09
https://access.redhat.com/security/cve/CVE-2007-0780 2007-03-14
https://bugzilla.redhat.com/show_bug.cgi?id=1618278 2007-03-14
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 >= 1.5 < 1.5.0.10
Search vendor "Mozilla" for product "Firefox" and version " >= 1.5 < 1.5.0.10"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 >= 2.0 < 2.0.0.2
Search vendor "Mozilla" for product "Firefox" and version " >= 2.0 < 2.0.0.2"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 < 1.0.8
Search vendor "Mozilla" for product "Seamonkey" and version " < 1.0.8"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 5.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "5.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"
-
Affected