CVE-2007-3844

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka Cross Context Scripting. NOTE: this issue is caused by a CVE-2007-3089 regression.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	2.0.0.5 (including)	2.0.0.5 (including)
Seamonkey	Mozilla	1.1.3 (including)	1.1.3 (including)
Thunderbird	Mozilla	2.0.0.5 (including)	2.0.0.5 (including)
Red Hat Enterprise Linux 2.1	RedHat	seamonkey-0:1.0.9-0.6.el2	*
Red Hat Enterprise Linux 3	RedHat	seamonkey-0:1.0.9-0.5.el3	*
Red Hat Enterprise Linux 4	RedHat	firefox-0:1.5.0.12-0.7.el4	*
Red Hat Enterprise Linux 4	RedHat	seamonkey-0:1.0.9-6.el4	*
Red Hat Enterprise Linux 4	RedHat	thunderbird-0:1.5.0.12-0.5.el4	*
Red Hat Enterprise Linux 5	RedHat	firefox-0:1.5.0.12-6.el5	*
Red Hat Enterprise Linux 5	RedHat	thunderbird-0:1.5.0.12-5.el5	*
Firefox	Ubuntu	dapper	*
Firefox	Ubuntu	edgy	*
Firefox	Ubuntu	feisty	*
Iceape	Ubuntu	devel	*
Midbrowser	Ubuntu	devel	*
Mozilla-thunderbird	Ubuntu	dapper	*
Mozilla-thunderbird	Ubuntu	edgy	*
Mozilla-thunderbird	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-3844
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References