1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
PublicDate: 2007-02-26
Candidate: CVE-2007-0780
References:
http://www.ubuntu.com/usn/usn-428-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
Description:
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2,
and SeaMonkey before 1.0.8 uses the requesting URI to identify child
windows, which allows remote attackers to conduct cross-site scripting
(XSS) attacks by opening a blocked popup originating from a javascript: URI
in combination with multiple frames having the same data: URI.
Ubuntu-Description:
Notes:
Bugs:
dapper_midbrowser: DNE
edgy_midbrowser: DNE
feisty_midbrowser: DNE
gutsy_midbrowser: released (0.1.6b-0ubuntu2)
devel_midbrowser: released (0.1.6b-0ubuntu2)
dapper_firefox: released (1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1)
edgy_firefox: released (2.0.0.6+0dfsg-0ubuntu0.6.10)
feisty_firefox: released (2.0.0.6+1-0ubuntu1)
gutsy_firefox: not-affected
devel_firefox: not-affected
dapper_lightning-sunbird: DNE
edgy_lightning-sunbird: DNE
feisty_lightning-sunbird: DNE
gutsy_lightning-sunbird: released (0.5-0ubuntu4)
devel_lightning-sunbird: released (0.5-0ubuntu4)
dapper_xulrunner: DNE
edgy_xulrunner: needed (reached end-of-life)
feisty_xulrunner: released (1.8.0.10-3ubuntu1)
gutsy_xulrunner: released (1.8.0.10-3ubuntu1)
devel_xulrunner: released (1.8.0.10-3ubuntu1)
dapper_iceape: DNE
edgy_iceape: DNE
feisty_iceape: DNE
gutsy_iceape: released (1.1.4-1ubuntu2)
devel_iceape: DNE
upstream_firefox:
upstream_iceape:
upstream_lightning-sunbird:
upstream_midbrowser:
upstream_xulrunner:
|