CVE-2007-0780 - Vulnerability Details

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Mozilla	Firefox Seamonkey
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
seamonkey-0:1.0.8-0.2.el2	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2007:0077	2007-02-24T00:00:00Z
Red Hat Enterprise Linux 3
seamonkey-0:1.0.8-0.2.el3	cpe:/o:redhat:enterprise_linux:3	RHSA-2007:0077	2007-02-24T00:00:00Z
Red Hat Enterprise Linux 4
devhelp-0:0.10-0.7.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0077	2007-02-24T00:00:00Z
seamonkey-0:1.0.8-0.2.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0077	2007-02-24T00:00:00Z
thunderbird-0:1.5.0.10-0.1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0078	2007-03-02T00:00:00Z
firefox-0:1.5.0.10-0.1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0079	2007-02-23T00:00:00Z
Red Hat Enterprise Linux 5
devhelp-0:0.12-10.0.1.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0097	2007-03-14T00:00:00Z
firefox-0:1.5.0.10-2.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0097	2007-03-14T00:00:00Z
yelp-0:2.16.0-14.0.1.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0097	2007-03-14T00:00:00Z
thunderbird-0:1.5.0.10-1.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0108	2007-03-14T00:00:00Z

References

Link	Providers
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://secunia.com/advisories/24205
http://secunia.com/advisories/24238
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24293
http://secunia.com/advisories/24320
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24342
http://secunia.com/advisories/24343
http://secunia.com/advisories/24384
http://secunia.com/advisories/24393
http://secunia.com/advisories/24395
http://secunia.com/advisories/24437
http://secunia.com/advisories/24455
http://secunia.com/advisories/24457
http://secunia.com/advisories/24650
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.osvdb.org/32107
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://www.securityfocus.com/archive/1/461336/100/0/threaded
http://www.securityfocus.com/archive/1/461809/100/0/threaded
http://www.securityfocus.com/bid/22694
http://www.securitytracker.com/id?1017702
http://www.ubuntu.com/usn/usn-428-1
http://www.vupen.com/english/advisories/2007/0718
https://bugzilla.mozilla.org/show_bug.cgi?id=354973
https://exchange.xforce.ibmcloud.com/vulnerabilities/32667
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
https://nvd.nist.gov/vuln/detail/CVE-2007-0780
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884
https://www.cve.org/CVERecord?id=CVE-2007-0780

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-02-26T20:00:00

Updated: 2024-08-07T12:34:21.060Z

Reserved: 2007-02-06T00:00:00

Link: CVE-2007-0780

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-02-26T20:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0780

Redhat

Severity : Moderate

Publid Date: 2007-02-23T00:00:00Z

Links: CVE-2007-0780 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-23T00:00:00", "descriptions": [{"lang": "en", "value": "browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2007:0078", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-05.html"}, {"name": "24395", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24395"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=354973"}, {"name": "20070226 rPSA-2007-0040-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"}, {"name": "24328", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24328"}, {"name": "RHSA-2007:0108", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"}, {"name": "GLSA-200703-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"}, {"name": "GLSA-200703-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"}, {"name": "oval:org.mitre.oval:def:9884", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884"}, {"name": "SSA:2007-066-03", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851"}, {"name": "24384", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24384"}, {"name": "24457", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24457"}, {"name": "24343", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24343"}, {"name": "HPSBUX02153", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "ADV-2007-0718", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0718"}, {"name": "24650", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24650"}, {"name": "USN-428-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-428-1"}, {"name": "24320", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24320"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1103"}, {"name": "32107", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32107"}, {"name": "SUSE-SA:2007:019", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"}, {"name": "20070303 rPSA-2007-0040-3 firefox thunderbird", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"}, {"name": "SUSE-SA:2007:022", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"}, {"name": "24293", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24293"}, {"name": "24238", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24238"}, {"name": "24393", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24393"}, {"name": "24342", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24342"}, {"name": "24287", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24287"}, {"name": "22694", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22694"}, {"name": "SSRT061181", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "FEDORA-2007-281", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/cms/node/2713"}, {"name": "RHSA-2007:0097", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"}, {"name": "1017702", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017702"}, {"name": "FEDORA-2007-293", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/cms/node/2728"}, {"name": "20070301-01-P", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"}, {"name": "mozilla-dataurl-xss(32667)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32667"}, {"name": "24205", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24205"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1081"}, {"name": "24333", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24333"}, {"name": "MDKSA-2007:050", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"}, {"name": "24290", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24290"}, {"name": "24455", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24455"}, {"name": "RHSA-2007:0077", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"}, {"name": "20070202-01-P", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"}, {"name": "SSA:2007-066-05", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"}, {"name": "RHSA-2007:0079", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"}, {"name": "24437", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24437"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:34:21.060Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2007:0078", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-05.html"}, {"name": "24395", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24395"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=354973"}, {"name": "20070226 rPSA-2007-0040-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"}, {"name": "24328", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24328"}, {"name": "RHSA-2007:0108", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"}, {"name": "GLSA-200703-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"}, {"name": "GLSA-200703-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"}, {"name": "oval:org.mitre.oval:def:9884", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884"}, {"name": "SSA:2007-066-03", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851"}, {"name": "24384", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24384"}, {"name": "24457", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24457"}, {"name": "24343", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24343"}, {"name": "HPSBUX02153", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "ADV-2007-0718", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0718"}, {"name": "24650", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24650"}, {"name": "USN-428-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-428-1"}, {"name": "24320", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24320"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1103"}, {"name": "32107", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32107"}, {"name": "SUSE-SA:2007:019", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"}, {"name": "20070303 rPSA-2007-0040-3 firefox thunderbird", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"}, {"name": "SUSE-SA:2007:022", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"}, {"name": "24293", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24293"}, {"name": "24238", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24238"}, {"name": "24393", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24393"}, {"name": "24342", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24342"}, {"name": "24287", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24287"}, {"name": "22694", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22694"}, {"name": "SSRT061181", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "FEDORA-2007-281", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/cms/node/2713"}, {"name": "RHSA-2007:0097", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"}, {"name": "1017702", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017702"}, {"name": "FEDORA-2007-293", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/cms/node/2728"}, {"name": "20070301-01-P", "tags": ["vendor-advisory", "x_refsource_SGI", "x_transferred"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"}, {"name": "mozilla-dataurl-xss(32667)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32667"}, {"name": "24205", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24205"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1081"}, {"name": "24333", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24333"}, {"name": "MDKSA-2007:050", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"}, {"name": "24290", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24290"}, {"name": "24455", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24455"}, {"name": "RHSA-2007:0077", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"}, {"name": "20070202-01-P", "tags": ["vendor-advisory", "x_refsource_SGI", "x_transferred"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"}, {"name": "SSA:2007-066-05", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"}, {"name": "RHSA-2007:0079", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"}, {"name": "24437", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24437"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-0780", "datePublished": "2007-02-26T20:00:00", "dateReserved": "2007-02-06T00:00:00", "dateUpdated": "2024-08-07T12:34:21.060Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EDDD5B2-2356-4A1A-820F-60CF3B638910", "versionEndExcluding": "1.5.0.10", "versionStartIncluding": "1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BAFE9FF-65A4-487A-9D3A-844086DE5F27", "versionEndExcluding": "2.0.0.2", "versionStartIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5ECD99A-50D8-47FB-AEE9-D7A4F8F72B7C", "versionEndExcluding": "1.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3A32E-445A-4D39-A8D5-75F5370AD23D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI."}, {"lang": "es", "value": "browser.js en Mozilla Firefox 1.5.x versiones anteriores a 1.5.0.10 y 2.x versiones anteriores a 2.0.0.2, y SeaMonkey versiones anteriores a 1.0.8, usa la URI de petici\u00f3n para identificar ventanas hijo, lo cual permite a atacantes remotos conducir ataques de secuencias de comandos en sitios cruzados (XSS) al abrir una ventana emergente bloqueada originada de una URI javascript: en combinaci\u00f3n con m\u00faltiples marcos teniendo la misma URI data:"}], "id": "CVE-2007-0780", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-02-26T20:28:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2713"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2728"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24205"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24238"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24287"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24290"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24293"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24320"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24328"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24333"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24342"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24343"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24384"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24393"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24395"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24437"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24455"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24457"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24650"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-05.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.osvdb.org/32107"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/22694"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1017702"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-428-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0718"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=354973"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32667"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-1081"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-1103"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2713"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2728"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24205"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24238"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24287"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24290"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24293"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24320"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24328"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24342"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24343"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24384"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24393"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24395"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24437"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24455"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24457"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/24650"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-05.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.osvdb.org/32107"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/22694"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1017702"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-428-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0718"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=354973"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32667"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-1081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-1103"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2007:0077", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "seamonkey-0:1.0.8-0.2.el2", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2007-02-24T00:00:00Z"}, {"advisory": "RHSA-2007:0077", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "seamonkey-0:1.0.8-0.2.el3", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2007-02-24T00:00:00Z"}, {"advisory": "RHSA-2007:0077", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "devhelp-0:0.10-0.7.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-02-24T00:00:00Z"}, {"advisory": "RHSA-2007:0077", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "seamonkey-0:1.0.8-0.2.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-02-24T00:00:00Z"}, {"advisory": "RHSA-2007:0078", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "thunderbird-0:1.5.0.10-0.1.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-03-02T00:00:00Z"}, {"advisory": "RHSA-2007:0079", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "firefox-0:1.5.0.10-0.1.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-02-23T00:00:00Z"}, {"advisory": "RHSA-2007:0097", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "devhelp-0:0.12-10.0.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-03-14T00:00:00Z"}, {"advisory": "RHSA-2007:0097", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:1.5.0.10-2.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-03-14T00:00:00Z"}, {"advisory": "RHSA-2007:0097", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "yelp-0:2.16.0-14.0.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-03-14T00:00:00Z"}, {"advisory": "RHSA-2007:0108", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "thunderbird-0:1.5.0.10-1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-03-14T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1618278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618278"}, "csaw": false, "details": ["browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI."], "name": "CVE-2007-0780", "public_date": "2007-02-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-0780\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-0780"], "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object