VDB

CVE-2007-3844

CVE-2007-3844 PUBLISHED

Reported by redhat · Published August 8, 2007

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.

Affected Products

VendorProductVersions
n/an/an/a
n/an/an/a, n/a, n/a

Timeline

  • Aug 8, 2007 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 3, 2023 EPSS Score
  • Feb 13, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Jul 17, 2023 EPSS Score
  • Sep 8, 2023 EPSS Score

References

  • FEDORA-2007-2601 vendor-advisoryx_refsource_FEDORA
  • x_refsource_CONFIRM
  • USN-503-1 vendor-advisoryx_refsource_UBUNTU
  • MDVSA-2008:047 vendor-advisoryx_refsource_MANDRIVA
  • ADV-2007-3587 vdb-entryx_refsource_VUPEN
  • 27414 third-party-advisoryx_refsource_SECUNIA
  • HPSBUX02156 vendor-advisoryx_refsource_HP
  • x_refsource_CONFIRM
  • 26393 third-party-advisoryx_refsource_SECUNIA
  • 26303 third-party-advisoryx_refsource_SECUNIA
  • ADV-2007-4256 vdb-entryx_refsource_VUPEN
  • 26309 third-party-advisoryx_refsource_SECUNIA
  • HPSBUX02153 vendor-advisoryx_refsource_HP
  • 27298 third-party-advisoryx_refsource_SECUNIA
  • MDKSA-2007:152 vendor-advisoryx_refsource_MANDRIVA
  • GLSA-200708-09 vendor-advisoryx_refsource_GENTOO
  • 1018481 vdb-entryx_refsource_SECTRACK
  • DSA-1345 vendor-advisoryx_refsource_DEBIAN
  • 26288 third-party-advisoryx_refsource_SECUNIA
  • 27327 third-party-advisoryx_refsource_SECUNIA

…and 35 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›