Lucene search
Mozilla FoundationMFSA2007-26HistoryJul 30, 2007 - 12:00 a.m.
Privilege escalation through chrome-loaded about:blank windows β Mozilla
2007-07-3000:00:00
Mozilla Foundation
www.mozilla.org
16
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.951 High
EPSS
Percentile
99.3%
Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create βabout:blankβ windows and populate them in certain ways (including implicit βabout:blankβ document creation through data: or javascript: URLs in a new window).
Affected configurations
Node
mozillafirefoxRange<2.0.0.6
ORmozillaseamonkeyRange<1.1.4
ORmozillathunderbirdRange<1.5.0.13
ORmozillathunderbirdRange<2.0.0.6
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 2.0.0.6 | |
| seamonkey | lt | 1.1.4 | |
| thunderbird | lt | 1.5.0.13 | |
| thunderbird | lt | 2.0.0.6 |
Related
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2007-26
2007-08-01 00:00:00
Mozilla Firefox / Thunderbird URL processing code execution
2007-08-01 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:20:21
seebug
seebug
openvas
openvas
Slackware Advisory SSA:2007-213-01 firefox
2012-09-11 00:00:00
Debian Security Advisory DSA 1345-1 (xulrunner)
2008-01-17 00:00:00
Debian Security Advisory DSA 1344-1 (iceweasel)
2008-01-17 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2007-08-01 00:00:00
Thunderbird vulnerabilities
2007-08-25 00:00:00
debian
debian
[SECURITY] [DSA 1346-1] New iceape packages fix several vulnerabilities
2007-08-04 11:54:19
[SECURITY] [DSA 1345-1] New xulrunner packages fix several vulnerabilities
2007-08-04 11:42:41
[SECURITY] [DSA 1344-1] New iceweasel packages fix several vulnerabilities
2007-08-03 15:57:59
nessus
nessus
Slackware 11.0 / 12.0 : firefox (SSA:2007-213-01)
2007-08-02 00:00:00
Debian DSA-1344-1 : iceweasel - several vulnerabilities
2007-08-13 00:00:00
Debian DSA-1345-1 : xulrunner - several vulnerabilities
2007-08-13 00:00:00
cve
cve
CVE-2007-3844
2007-08-08 01:17:00
nvd
nvd
CVE-2007-3844
2007-08-08 01:17:00
prion
prion
Cross site scripting
2007-08-08 01:17:00
ubuntucve
ubuntucve
CVE-2007-3844
2007-08-08 00:00:00
cvelist
cvelist
CVE-2007-3844
2007-08-08 01:11:00
freebsd
freebsd
firefox -- OnUnload Javascript browser entrapment vulnerability
2007-10-19 00:00:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2007-08-14 00:00:00
centos
centos
seamonkey security update
2007-10-22 02:25:42
seamonkey security update
2007-10-19 22:39:36
thunderbird security update
2007-10-20 18:06:21
redhat
redhat
(RHSA-2007:0980) Critical: seamonkey security update
2007-10-19 00:00:00
(RHSA-2007:0981) Moderate: thunderbird security update
2007-10-19 00:00:00
(RHSA-2007:0979) Critical: firefox security update
2007-10-19 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: seamonkey-1.1.5-2.fc8
2007-11-06 16:05:16
[SECURITY] Fedora 7 Update: seamonkey-1.1.5-1.fc7
2007-10-24 07:02:38
[SECURITY] Fedora 8 Update: thunderbird-2.0.0.9-1.fc8
2007-11-16 00:39:02
oraclelinux
oraclelinux
Moderate: thunderbird security update
2007-10-20 00:00:00
Critical: firefox security update
2007-10-20 00:00:00
Critical: seamonkey security update
2007-10-20 00:00:00
suse
suse
remote code execution in MozillaFirefox,mozilla,seamonkey
2007-10-25 18:13:14
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.951 High
EPSS
Percentile
99.3%
Related for MFSA2007-26