Lucene search

PRIOn knowledge basePRION:CVE-2007-0780

HistoryFeb 26, 2007 - 8:28 p.m.

Cross site scripting

2007-02-2620:28:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.1%

JSON

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

CPENameOperatorVersion
ubuntu_linuxeq6.06
ubuntu_linuxeq6.10
ubuntu_linuxeq5.10
firefoxge1.5
firefoxlt1.5.0.10
firefoxge2.0
firefoxlt2.0.0.2
seamonkeylt1.0.8

Name	Operator	Version
ubuntu_linux	eq	6.06
ubuntu_linux	eq	6.10
ubuntu_linux	eq	5.10
firefox	ge	1.5
firefox	lt	1.5.0.10
firefox	ge	2.0
firefox	lt	2.0.0.2
seamonkey	lt	1.0.8

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

fedoranews.org/cms/node/2713

fedoranews.org/cms/node/2728

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

rhn.redhat.com/errata/RHSA-2007-0077.html

secunia.com/advisories/24205

secunia.com/advisories/24238

secunia.com/advisories/24287

secunia.com/advisories/24290

secunia.com/advisories/24293

secunia.com/advisories/24320

secunia.com/advisories/24328

secunia.com/advisories/24333

secunia.com/advisories/24342

secunia.com/advisories/24343

secunia.com/advisories/24384

secunia.com/advisories/24393

secunia.com/advisories/24395

secunia.com/advisories/24437

secunia.com/advisories/24455

secunia.com/advisories/24457

secunia.com/advisories/24650

security.gentoo.org/glsa/glsa-200703-04.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

www.gentoo.org/security/en/glsa/glsa-200703-08.xml

www.mandriva.com/security/advisories?name=MDKSA-2007:050

www.mozilla.org/security/announce/2007/mfsa2007-05.html

www.novell.com/linux/security/advisories/2007_22_mozilla.html

www.osvdb.org/32107

www.redhat.com/support/errata/RHSA-2007-0078.html

www.redhat.com/support/errata/RHSA-2007-0079.html

www.redhat.com/support/errata/RHSA-2007-0097.html

www.redhat.com/support/errata/RHSA-2007-0108.html

www.securityfocus.com/archive/1/461336/100/0/threaded

www.securityfocus.com/archive/1/461809/100/0/threaded

www.securityfocus.com/bid/22694

www.securitytracker.com/id?1017702

www.ubuntu.com/usn/usn-428-1

www.vupen.com/english/advisories/2007/0718

bugzilla.mozilla.org/show_bug.cgi?id=354973

exchange.xforce.ibmcloud.com/vulnerabilities/32667

issues.rpath.com/browse/RPL-1081

issues.rpath.com/browse/RPL-1103

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884

5.4 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.1%

JSON

Related for PRION:CVE-2007-0780