Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2007-0780

Опубликовано: 26 фев. 2007
Источник: debian

Описание

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
iceweaselfixed2.0.0.2+dfsg-1package
iceapefixed1.0.8-1package
xulrunnerfixed1.8.0.10-1package
mozilla-firefoxnot-affectedsargepackage
mozillanot-affectedsargepackage

Примечания

  • MFSA-2007-05

Связанные уязвимости

ubuntu логотип

CVE-2007-0780

ubuntu
больше 18 лет назад

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

redhat логотип

CVE-2007-0780

redhat
больше 18 лет назад

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

nvd логотип

CVE-2007-0780

nvd
больше 18 лет назад

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

github логотип

GHSA-89ph-rw24-cjrj

github
больше 3 лет назад

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.