Vulnerability Details : CVE-2007-0780
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2007-0780
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0780
- EPSS score: 4.14% (probability of exploitation activity in the next 30 days)
- Percentile: ~92% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-0780
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2007-0780
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-0780
- http://www.redhat.com/support/errata/RHSA-2007-0078.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2007-0097.html (Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884 (Third Party Advisory)
- http://www.mozilla.org/security/announce/2007/mfsa2007-05.html (Patch; Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32667 (Third Party Advisory; VDB Entry)
- ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc (Broken Link)
- http://fedoranews.org/cms/node/2728 (Broken Link)
- http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html (Broken Link)
- http://www.securityfocus.com/bid/22694 (Third Party Advisory; VDB Entry)
- http://www.redhat.com/support/errata/RHSA-2007-0079.html (Third Party Advisory)
- http://fedoranews.org/cms/node/2713 (Broken Link)
- http://www.vupen.com/english/advisories/2007/0718 (Third Party Advisory)
- ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc (Broken Link)
- https://bugzilla.mozilla.org/show_bug.cgi?id=354973 (Issue Tracking; Vendor Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2007-0108.html (Third Party Advisory)
- http://security.gentoo.org/glsa/glsa-200703-04.xml, "Mozilla Firefox: Multiple vulnerabilities (GLSA 200703-04) — Gentoo security" (Third Party Advisory)
- http://www.securitytracker.com/id?1017702 (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/archive/1/461336/100/0/threaded (Third Party Advisory; VDB Entry)
- http://www.ubuntu.com/usn/usn-428-1 (Third Party Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml, "SeaMonkey: Multiple vulnerabilities (GLSA 200703-08) — Gentoo security" (Third Party Advisory)
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 (Mailing List; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2007-0077.html (Third Party Advisory)
- https://issues.rpath.com/browse/RPL-1081 (Broken Link)
- http://www.novell.com/linux/security/advisories/2007_22_mozilla.html (Broken Link)
- http://www.securityfocus.com/archive/1/461809/100/0/threaded (Third Party Advisory; VDB Entry)
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 (Mailing List; Third Party Advisory)
- https://issues.rpath.com/browse/RPL-1103 (Broken Link)
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 (Broken Link)