Vulnerability Description
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 2.0.0.5 |
| Mozilla | Seamonkey | 1.1.3 |
| Mozilla | Thunderbird | 2.0.0.5 |
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=388121
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
- http://secunia.com/advisories/26234
- http://secunia.com/advisories/26258
- http://secunia.com/advisories/26288PatchVendor Advisory
- http://secunia.com/advisories/26303
- http://secunia.com/advisories/26309
- http://secunia.com/advisories/26331
- http://secunia.com/advisories/26335
- http://secunia.com/advisories/26393
- http://secunia.com/advisories/26460
- http://secunia.com/advisories/26572
- http://secunia.com/advisories/27276
- http://secunia.com/advisories/27298
FAQ
What is CVE-2007-3844?
CVE-2007-3844 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that ins...
How severe is CVE-2007-3844?
CVE-2007-3844 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3844?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird.