CVE-2007-0780

NameCVE-2007-0780
Descriptionbrowser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesource(unstable)1.0.8-1medium
iceweaselsource(unstable)2.0.0.2+dfsg-1medium
mozillasourcesarge(not affected)
mozilla-firefoxsourcesarge(not affected)
xulrunnersource(unstable)1.8.0.10-1medium

Notes

MFSA-2007-05
[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
[sarge] - mozilla <not-affected> (Vulnerable code not present)
Search for package or bug name: Reporting problems