VDB
CVE-2007-3844
CVE-2007-3844
PUBLISHED
Reported by redhat · Published August 8, 2007
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a, n/a |
Timeline
- Aug 8, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- FEDORA-2007-2601 vendor-advisoryx_refsource_FEDORA
- x_refsource_CONFIRM
- USN-503-1 vendor-advisoryx_refsource_UBUNTU
- MDVSA-2008:047 vendor-advisoryx_refsource_MANDRIVA
- ADV-2007-3587 vdb-entryx_refsource_VUPEN
- 27414 third-party-advisoryx_refsource_SECUNIA
- HPSBUX02156 vendor-advisoryx_refsource_HP
- x_refsource_CONFIRM
- 26393 third-party-advisoryx_refsource_SECUNIA
- 26303 third-party-advisoryx_refsource_SECUNIA
- ADV-2007-4256 vdb-entryx_refsource_VUPEN
- 26309 third-party-advisoryx_refsource_SECUNIA
- HPSBUX02153 vendor-advisoryx_refsource_HP
- 27298 third-party-advisoryx_refsource_SECUNIA
- MDKSA-2007:152 vendor-advisoryx_refsource_MANDRIVA
- GLSA-200708-09 vendor-advisoryx_refsource_GENTOO
- 1018481 vdb-entryx_refsource_SECTRACK
- DSA-1345 vendor-advisoryx_refsource_DEBIAN
- 26288 third-party-advisoryx_refsource_SECUNIA
- 27327 third-party-advisoryx_refsource_SECUNIA
…and 35 more