CVE-2007-0780

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

• CWE-79

• ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.ascBroken Link
• ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.ascBroken Link
• http://fedoranews.org/cms/node/2713Broken Link
• http://fedoranews.org/cms/node/2728Broken Link
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742Broken Link
• http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.htmlBroken Link
• http://rhn.redhat.com/errata/RHSA-2007-0077.htmlThird Party Advisory
• http://secunia.com/advisories/24205Third Party Advisory
• http://secunia.com/advisories/24238Third Party Advisory
• http://secunia.com/advisories/24287Third Party Advisory
• http://secunia.com/advisories/24290Third Party Advisory
• http://secunia.com/advisories/24293Third Party Advisory
• http://secunia.com/advisories/24320Third Party Advisory
• http://secunia.com/advisories/24328Third Party Advisory
• http://secunia.com/advisories/24333Third Party Advisory
• http://secunia.com/advisories/24342Third Party Advisory
• http://secunia.com/advisories/24343Third Party Advisory
• http://secunia.com/advisories/24384Third Party Advisory
• http://secunia.com/advisories/24393Third Party Advisory
• http://secunia.com/advisories/24395Third Party Advisory
• http://secunia.com/advisories/24437Third Party Advisory
• http://secunia.com/advisories/24455Third Party Advisory
• http://secunia.com/advisories/24457Third Party Advisory
• http://secunia.com/advisories/24650Third Party Advisory
• http://security.gentoo.org/glsa/glsa-200703-04.xmlThird Party Advisory
• http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131Mailing List, Third Party Advisory
• http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851Mailing List, Third Party Advisory
• http://www.gentoo.org/security/en/glsa/glsa-200703-08.xmlThird Party Advisory
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:050Third Party Advisory
• http://www.mozilla.org/security/announce/2007/mfsa2007-05.htmlPatch, Vendor Advisory
• http://www.novell.com/linux/security/advisories/2007_22_mozilla.htmlBroken Link
• http://www.osvdb.org/32107Broken Link
• http://www.redhat.com/support/errata/RHSA-2007-0078.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2007-0079.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2007-0097.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2007-0108.htmlThird Party Advisory
• http://www.securityfocus.com/archive/1/461336/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/archive/1/461809/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/bid/22694Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id?1017702Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/usn-428-1Third Party Advisory
• http://www.vupen.com/english/advisories/2007/0718Third Party Advisory
• https://bugzilla.mozilla.org/show_bug.cgi?id=354973Issue Tracking, Vendor Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/32667Third Party Advisory, VDB Entry
• https://issues.rpath.com/browse/RPL-1081Broken Link
• https://issues.rpath.com/browse/RPL-1103Broken Link
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884Third Party Advisory
• ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.ascBroken Link
• ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.ascBroken Link
• http://fedoranews.org/cms/node/2713Broken Link
• http://fedoranews.org/cms/node/2728Broken Link
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742Broken Link
• http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.htmlBroken Link
• http://rhn.redhat.com/errata/RHSA-2007-0077.htmlThird Party Advisory
• http://secunia.com/advisories/24205Third Party Advisory
• http://secunia.com/advisories/24238Third Party Advisory
• http://secunia.com/advisories/24287Third Party Advisory
• http://secunia.com/advisories/24290Third Party Advisory
• http://secunia.com/advisories/24293Third Party Advisory
• http://secunia.com/advisories/24320Third Party Advisory
• http://secunia.com/advisories/24328Third Party Advisory
• http://secunia.com/advisories/24333Third Party Advisory
• http://secunia.com/advisories/24342Third Party Advisory
• http://secunia.com/advisories/24343Third Party Advisory
• http://secunia.com/advisories/24384Third Party Advisory
• http://secunia.com/advisories/24393Third Party Advisory
• http://secunia.com/advisories/24395Third Party Advisory
• http://secunia.com/advisories/24437Third Party Advisory
• http://secunia.com/advisories/24455Third Party Advisory
• http://secunia.com/advisories/24457Third Party Advisory
• http://secunia.com/advisories/24650Third Party Advisory
• http://security.gentoo.org/glsa/glsa-200703-04.xmlThird Party Advisory
• http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131Mailing List, Third Party Advisory
• http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851Mailing List, Third Party Advisory
• http://www.gentoo.org/security/en/glsa/glsa-200703-08.xmlThird Party Advisory
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:050Third Party Advisory
• http://www.mozilla.org/security/announce/2007/mfsa2007-05.htmlPatch, Vendor Advisory
• http://www.novell.com/linux/security/advisories/2007_22_mozilla.htmlBroken Link
• http://www.osvdb.org/32107Broken Link
• http://www.redhat.com/support/errata/RHSA-2007-0078.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2007-0079.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2007-0097.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2007-0108.htmlThird Party Advisory
• http://www.securityfocus.com/archive/1/461336/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/archive/1/461809/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/bid/22694Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id?1017702Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/usn-428-1Third Party Advisory
• http://www.vupen.com/english/advisories/2007/0718Third Party Advisory
• https://bugzilla.mozilla.org/show_bug.cgi?id=354973Issue Tracking, Vendor Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/32667Third Party Advisory, VDB Entry
• https://issues.rpath.com/browse/RPL-1081Broken Link
• https://issues.rpath.com/browse/RPL-1103Broken Link
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884Third Party Advisory

Published

Feb 26, 2007

Last Modified

Jun 16, 2026

Status

Modified