CVE-2007-3844

Name	CVE-2007-3844
Description	Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1344-1, DSA-1345-1, DSA-1346-1, DSA-1391-1, DTSA-51-1, DTSA-52-1, DTSA-53-1, DTSA-71-1

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin
iceape	source	etch	1.0.10~pre070720-0etch3		DSA-1346-1
iceape	source	lenny	1.0.10~pre070720-0etch3+lenny1		DTSA-52-1
iceape	source	(unstable)	1.1.3-2	medium
icedove	source	etch	1.5.0.13+1.5.0.14b.dfsg1-0etch1		DSA-1391-1
icedove	source	lenny	1.5.0.13+1.5.0.14b.dfsg1-0lenny1		DTSA-71-1
icedove	source	(unstable)	2.0.0.6-1	medium
iceweasel	source	etch	2.0.0.6-0etch1		DSA-1344-1
iceweasel	source	lenny	2.0.0.6-0etch1+lenny1		DTSA-53-1
iceweasel	source	(unstable)	2.0.0.6-1	medium
xulrunner	source	etch	1.8.0.13~pre070720-0etch3		DSA-1345-1
xulrunner	source	lenny	1.8.0.13~pre070720-0etch3+lenny1		DTSA-51-1
xulrunner	source	(unstable)	1.8.1.6-1	medium

Notes

MFSA2007-26