CVE-2007-3844
CVE-2007-3844
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/30439unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugzilla.mozilla.org/show_bug.cgi?id=388121http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579http://secunia.com/advisories/26234http://secunia.com/advisories/26258http://secunia.com/advisories/26288http://secunia.com/advisories/26303http://secunia.com/advisories/26309http://secunia.com/advisories/26331http://secunia.com/advisories/26335http://secunia.com/advisories/26393http://secunia.com/advisories/26460