Vulnerability & Exploit Database

Back to search

MFSA2007-05 Firefox: XSS and local file access by opening blocked popups (CVE-2007-0780)

Severity CVSS Published Added Modified
7 (AV:N/AC:M/Au:N/C:P/I:P/A:P) February 26, 2007 June 14, 2012 May 27, 2016

Description

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

mozilla-firefox-upgrade-1_5_0_10

Related Vulnerabilities