CVE Reference: CVE-2007-3844

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-3844

Description:
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntu.com/usn/usn-493-1
  http://www.ubuntu.com/usn/usn-503-1

SUSE
  http://www.novell.com/linux/security/advisories/2007_57_mozilla.html

SUNALERT
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

ST
  1018480
  1018481
  1018479

SLACKWARE
  http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101

SAID
  Secunia Advisory: SA27414
  Secunia Advisory: SA27326
  Secunia Advisory: SA27298
  Secunia Advisory: SA27356
  Secunia Advisory: SA27327
  Secunia Advisory: SA27325
  Secunia Advisory: SA27276
  Secunia Advisory: SA26572
  Secunia Advisory: SA26460
  Secunia Advisory: SA26393
  Secunia Advisory: SA26303
  Secunia Advisory: SA26335
  Secunia Advisory: SA26331
  Secunia Advisory: SA26309
  Secunia Advisory: SA26258
  Secunia Advisory: SA26288
  Secunia Advisory: SA26234
  Secunia Advisory: SA27680
  Secunia Advisory: SA28363
  Secunia Advisory: SA28135

REDHAT
  http://www.redhat.com/support/errata/RHSA-2007-0981.html
  http://www.redhat.com/support/errata/RHSA-2007-0979.html
  http://www.redhat.com/support/errata/RHSA-2007-0980.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9493

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
  http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
  http://www.mandriva.com/security/advisories?name=MDVSA-2007:047

HP
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

GENTOO
  http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml

FEDORA

DEBIAN
  http://www.debian.org/security/2007/dsa-1391
  http://www.debian.org/security/2007/dsa-1344
  http://www.debian.org/security/2007/dsa-1346
  http://www.debian.org/security/2007/dsa-1345

CONFIRM
  http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
  http://bugzilla.mozilla.org/show_bug.cgi?id=388121
  http://www.mozilla.org/security/announce/2007/mfsa2007-26.html

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/475450/30/5550/threaded
  http://www.securityfocus.com/archive/1/archive/1/475265/100/200/threaded

BID
  25142


Return to the previous page.