Computer Security

CVE-2007-3844
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2007-3844
StatusCandidate
DescriptionMozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
PhaseAssigned (18.07.2007)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3844
ReferencesBID : 25142
 BUGTRAQ : 20070801 FLEA-2007-0039-1 firefox
 CONFIRM : http://bugzilla.mozilla.org/show_bug.cgi?id=388121
 CONFIRM : http://www.mozilla.org/security/announce/2007/mfsa...
 CONFIRM : https://issues.rpath.com/browse/RPL-1600
 DEBIAN : DSA-1344
 DEBIAN : DSA-1345
 DEBIAN : DSA-1346
 GENTOO : GLSA-200708-09
 MANDRIVA : MDKSA-2007:152
 SECTRACK : 1018479
 SECTRACK : 1018480
 SECTRACK : 1018481
 SECUNIA : 26234
 SECUNIA : 26258
 SECUNIA : 26288
 SECUNIA : 26303
 SECUNIA : 26309
 SECUNIA : 26331
 SECUNIA : 26335
 SECUNIA : 26393
 SECUNIA : 26460
 SECUNIA : 26572
 SLACKWARE : SSA:2007-213-01
 UBUNTU : USN-493-1
 UBUNTU : USN-503-1
SecurityVulns:Mozilla Firefox / Thunderbird URL processing code execution
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server