Lucene search
Moz_bug_r_a4EDB-ID:30439HistoryJul 31, 2007 - 12:00 a.m.
Mozilla Firefox/Thunderbird/SeaMonkey - Chrome-Loaded About:Blank Script Execution
2007-07-3100:00:00
moz_bug_r_a4
www.exploit-db.com
12
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/25142/info
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a vulnerability that allows JavaScript to execute with unintended privileges.
A malicious site may be able to cause the execution of a script with Chrome privileges. Attackers could exploit this issue to execute hostile script code with privileges that exceed those that were intended. Certain Firefox extensions may not intend 'about:blank' to execute script code with Chrome privileges.
NOTE: This issue was introduced by the fix for MFSA 2007-20.
The following proof of concept is available:
w=open("about:blank");alert(1);u="javascript:alert(Components.stack);";w.document.body.innerHTML=u.link(u);w.focus();1 or top.opener.content.location="about:blank";alert(1);u="javascript:alert(Components.stack);";(w=top.opener.content).document.body.innerHTML=u.link(u);w.focus();1Related
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2007-26
2007-08-01 00:00:00
Mozilla Firefox / Thunderbird URL processing code execution
2007-08-01 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:20:21
seebug
seebug
mozilla
mozilla
Privilege escalation through chrome-loaded about:blank windows β Mozilla
2007-07-30 00:00:00
openvas
openvas
Slackware Advisory SSA:2007-213-01 firefox
2012-09-11 00:00:00
Debian Security Advisory DSA 1345-1 (xulrunner)
2008-01-17 00:00:00
Debian Security Advisory DSA 1344-1 (iceweasel)
2008-01-17 00:00:00
nessus
nessus
Slackware 11.0 / 12.0 : firefox (SSA:2007-213-01)
2007-08-02 00:00:00
Debian DSA-1345-1 : xulrunner - several vulnerabilities
2007-08-13 00:00:00
Debian DSA-1344-1 : iceweasel - several vulnerabilities
2007-08-13 00:00:00
debian
debian
[SECURITY] [DSA 1346-1] New iceape packages fix several vulnerabilities
2007-08-04 11:54:19
[SECURITY] [DSA 1345-1] New xulrunner packages fix several vulnerabilities
2007-08-04 11:42:41
[SECURITY] [DSA 1344-1] New iceweasel packages fix several vulnerabilities
2007-08-03 15:57:59
ubuntu
ubuntu
Firefox vulnerabilities
2007-08-01 00:00:00
Thunderbird vulnerabilities
2007-08-25 00:00:00
prion
prion
Cross site scripting
2007-08-08 01:17:00
cve
cve
CVE-2007-3844
2007-08-08 01:17:00
nvd
nvd
CVE-2007-3844
2007-08-08 01:17:00
ubuntucve
ubuntucve
CVE-2007-3844
2007-08-08 00:00:00
cvelist
cvelist
CVE-2007-3844
2007-08-08 01:11:00
freebsd
freebsd
firefox -- OnUnload Javascript browser entrapment vulnerability
2007-10-19 00:00:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2007-08-14 00:00:00
centos
centos
seamonkey security update
2007-10-19 22:39:36
seamonkey security update
2007-10-22 02:25:42
thunderbird security update
2007-10-20 18:06:21
redhat
redhat
(RHSA-2007:0980) Critical: seamonkey security update
2007-10-19 00:00:00
(RHSA-2007:0981) Moderate: thunderbird security update
2007-10-19 00:00:00
(RHSA-2007:0979) Critical: firefox security update
2007-10-19 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: seamonkey-1.1.5-2.fc8
2007-11-06 16:05:16
[SECURITY] Fedora 8 Update: thunderbird-2.0.0.9-1.fc8
2007-11-16 00:39:02
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.9-1.fc7
2007-11-16 00:41:37
oraclelinux
oraclelinux
Critical: seamonkey security update
2007-10-20 00:00:00
Critical: firefox security update
2007-10-20 00:00:00
Moderate: thunderbird security update
2007-10-20 00:00:00
suse
suse
remote code execution in MozillaFirefox,mozilla,seamonkey
2007-10-25 18:13:14