CVE-2007-0780 — MEDIUM (6.8)

Q: How severe is CVE-2007-0780?

CVE-2007-0780 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-0780?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Canonical Ubuntu Linux.

Vulnerability Description

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	>= 1.5, < 1.5.0.10
Mozilla	Seamonkey	< 1.0.8
Canonical	Ubuntu Linux	5.10

Related Weaknesses (CWE)

CWE-79

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.ascBroken Link
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.ascBroken Link
http://fedoranews.org/cms/node/2713Broken Link
http://fedoranews.org/cms/node/2728Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742Broken Link
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.htmlBroken Link
http://rhn.redhat.com/errata/RHSA-2007-0077.htmlThird Party Advisory
http://secunia.com/advisories/24205Third Party Advisory
http://secunia.com/advisories/24238Third Party Advisory
http://secunia.com/advisories/24287Third Party Advisory
http://secunia.com/advisories/24290Third Party Advisory
http://secunia.com/advisories/24293Third Party Advisory
http://secunia.com/advisories/24320Third Party Advisory
http://secunia.com/advisories/24328Third Party Advisory
http://secunia.com/advisories/24333Third Party Advisory

FAQ

What is CVE-2007-0780?

CVE-2007-0780 is a vulnerability with a CVSS score of 6.8 (MEDIUM). browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross...

How severe is CVE-2007-0780?

CVE-2007-0780 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-0780?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Canonical Ubuntu Linux.